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QUESTION 1 

Which two options are reasons for TCP starvation? (Choose two.) 

A. The use of tail drop 

B. The use of WRED 

C. Mixing TCP and UDP traffic in the same traffic class 

D. The use of TCP congestion control 

Answer: CD 


QUESTION 2 

Which type of port would have root guard enabled on it? 

A. A root port 

B. An alternate port 

C. A blocked port 

D. A designated port 

Answer: D 


QUESTION 3 

Refer to the exhibit. Which action will solve the error state of this interface when connecting a 
host behind a Cisco IP phone? 

DOTlX-SP-5-SECURITY_VICLATION: Security violation on interface GigafcitEthernet4/8, 
New MAC address 0080.adOO.c2e4 is seen on the interface in Single host mode 
%PM-SP-4-ERR_DISA3LE: security-violation error detected on Gi4/8, putting G14/8 in 
err-disable state 


A. Configure dotl x-port control auto on this interface 

B. Enable errdisable recovery for security violation errors 

C. Enable port security on this interface 

D. Configure multidomain authentication on this interface 

Answer: D 


QUESTION 4 

Refer to the exhibit. While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series 
Switch, you notice the error message that is shown in the exhibit in the log file. 

What can be the cause of this issue, and how can it be prevented? 


%C4K_L3HWF0RWARDING-2-FWPCAMFULL: L3 routing table is full. Switching to software forwarding 


A. The hardware routing table is full. Redistribute from BGP into IGP. 

B. The software routing table is full. Redistribute from BGP into IGP. 

C. The hardware routing table is full. Reduce the number of routes in the routing table. 

D. The software routing table is full. Reduce the number of routes in the routing table. 

Answer: C 
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QUESTION 5 

Refer to the exhibit. All switches have default bridge priorities, and originate BPDUs with MAC 
addresses as indicated. The numbers shown are STP link metrics. Which two ports are 
forwarding traffic after STP converges? (Choose two.) 


Priority: 32768 
MAC Address: 
(4ac.c1c4.2ba3 


Priority: 32768 
MAC Address: 
f4ac.c1c4 2b84 


Priority: 32768 
MAC Address: 
f4ac.c1c4 2b80 




f4ac.c1c4 2b86 


Priority: 32768 
MAC Address 
f4ac.c1c4 2b82 


Priority: 32768 
MAC Address 
f4ac.dc4.2b85 


A. The port connecting switch SWD with switch SWE 

B. The port connecting switch SWG with switch SWF 

C. The port connecting switch SWC with switch SWE 

D. The port connecting switch SWB with switch SWC 

Answer: CD 


QUESTION 6 

Refer to the exhibit. While troubleshooting high CPU utilization on one of your Cisco Catalyst 
switches, you find that the issue is due to excessive flooding that is caused by STP. What can 
you do to prevent this issue from happening again? 
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switch#show spanning-tree detail 

MSTO is executing the mstp compatible Spanning Tree protocol 
Bridge Identifier has priority 32763, sysid 0, address f4ac.clc4.2b80 
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6 
Current root has priority 24576, address 0015.07aa.9ac0 
Root port is 56 (Port-channell), cost of root path is 0 
Topology change flag not set, detected flag not set 
Number of topology changes 256 last change occurred 00:01:17 ago 
from GigabitEthernetO/15 


A. Disable STP completely on the switch. 

B. Change the STP version to RSTP. 

C. Configure PortFast on port-channel 1. 

D. Configure UplinkFast on the switch. 

E. Configure PortFast on interface GiO/15. 

Answer: E 


QUESTION 7 

Refer to the exhibit. Which three statements about the output are true? (Choose three.) 


Switch# 

show ip igmp snooping mrouter 

Vlan 

ports 

10 

Gi2/0/l(dynamic), Router 

o 

Cl 

Gi2/0/l(dynamic), Router 


A. An mrouter port can be learned by receiving a PIM hello packet from a multicast router. 

B. This switch is configured as a multicast router. 

C. Gi2/0/1 is a trunk link that connects to a multicast router. 

D. An mrouter port is learned when a multicast data stream is received on that port from a multicast router. 

E. This switch is not configured as a multicast router. It is configured only for IGMP snooping. 

F. IGMP reports are received only on Gi2/0/1 and are never transmitted out Gi2/0/1 for VLANs 10 and 20. 

Answer: ABC 


QUESTION 8 

Refer to the exhibit. If a port is configured as shown and receives an untagged frame, of which 
VLAN will the untagged frame be a member? 
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Switch#show int fastEthernetO/1 switchport 
Name: FaO/1 
Switchport: Enabled 
Administrative Mode: dynamic auto 
Operational Mode: static access 
Administrative Trunking Encapsulation: dotlq 
Operational Trunking Encapsulation: native 
Negotiation of Trunking: On 
Access Mode VLAN: 2 (VLAN0002) 

Trunking Native Mode VLAN: 3 (VLAN0003) 

Administrative Native VLAN tagging: enabled 
Voice VLAN: none 

Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none 
Administrative private-vlan trunk Native VLAN tagging: enabled 
Administrative private-vlan trunk encapsulation: dotlq 
Administrative private-vlan trunk normal VLANs: none 
Administrative private-vlan trunk private VLANs: none 
Operational private-vlan: none 
Trunking VLANs Enabled: ALL 
Pruning VLANs Enabled: 2-1001 
Capture Mode Disabled 
Capture VLANs Allowed: ALL 

Protected: false 

Unknown unicast blocked: disabled 
Unknown multicast blocked: disabled 
Appliance trust: none 


A. VLAN 1 

B. VLAN 2 

C. VLAN 3 

D. VLAN 4 

Answer: B 


QUESTION 9 

Refer to the exhibit. Which statement describes the effect on the network if FastEthernetO/1 goes 
down temporarily? 
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Switch#show interfaces svitchport backup detail 
Switch Backup Interface Pairs: 

Active Interface Backup Interface State 


FastEthernetO/1 FastEthernetO/2 Active Up/Backup Standby 

Interface Pair : FaO/1, FaO/2 
Preemption Mode : off 

Bandwidth : 100000 Kbit <FaO/l), 10000 Kbit (FaO/2) 

Mac Address Move Update VIan : auto 


A. FastEthernetO/2 forwards traffic only until FastEthernetO/1 comes back up. 

B. FastEthernetO/2 stops forwarding traffic until FastEthernetO/1 comes back up. 

C. FastEthernetO/2 forwards traffic indefinitely. 

D. FastEthernetO/1 goes into standby. 

Answer: C 


QUESTION 10 

Refer to the exhibit. Routers R1, R2, and R3 are configured as shown, and traffic from R2 fails to 
reach 172.29.168.3. 

Which action can you take to correct the problem? 



FaO/1 Fa0/0 



Fa0/0 


Fa0/0 


in 179 9Q 



R1 

i 

interface FastEthernet0/0 
description TO R2 

ip address 172.17.17.1 25S.2S5.255.128 
1 

interface FastEthernetO/1 
description TO R3 

ip address 10.17.12.1 255.255.255.0 
1 

ip route 172.29.168.3 255.255.255.255 
172.17. 17.2 

1 

router eigrp 10 
no auto-summary 
network 172.17.17.0 0.0.0.127 
network 10.17.12.0 0.0.0.255 


R2 

i 

interface FastEthernet0/0 
description TO R1 

ip address 172.17.17.2 255.255.255.123 
1 

ip route 0.0.0.0 0.0.0.0 172.17.17.1 
1 

router eigrp 10 
no auto-summary 
network 172.17.17.0 0.0.0.255 

R3 

i 

interface loopbackO 

ip address 172.29.168.3 255.255.255.255 

i 

interface FastEthernet0/0 
description TO R1 

ip address 10.17.12.3 255.255.255.0 

i 

router eigrp 10 

no auto-summary 

network 172.29.168.3 0.0.0.0 

network 10.17.12.3 255.255.255.0 

i 


A. Correct the static route on R1. 
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B. Correct the default route on R2. 

C. Edit the EIGRP configuration of R3 to enable auto-summary. 

D. Correct the network statement for 172.29.168.3 on R3. 

Answer: A 


QUESTION 11 

Refer to the exhibit. R3 prefers the path through R1 to reach host 10.1.1.1. 
Which option describes the reason for this behavior? 



A. The OSPF reference bandwidth is too small to account for the higher speed links through R2. 

B. The default OSPF cost through R1 is less than the cost through R2. 

C. The default OSPF cost through R1 is more than the cost through R2. 

D. The link between R2 and R1 is congested. 

Answer: A 


QUESTION 12 

Refer to the exhibit. For which reason could a BGP-speaking device in autonomous system 
65534 be prevented from installing the given route in its BGP table? 
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*>172.21.55.0/22 172.17.152.1 0 120 0 £5534 £5535 £5100 £5235 ? 


A. The AS number of the BGP is specified in the given AS_PATH. 

B. The origin of the given route is unknown. 

C. BGP is designed only for publicly routed addresses. 

D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed. 

E. BGP does not allow the AS number 65535. 

Answer: A 


QUESTION 13 

Which statement about the feasibility condition in EIGRP is true? 

A. The prefix is reachable via an EIGRP peer that is in the routing domain of the router. 

B. The EIGRP peer that advertises the prefix to the router has multiple paths to the destination. 

C. The EIGRP peer that advertises the prefix to the router is closer to the destination than the router. 

D. The EIGRP peer that advertises the prefix cannot be used as a next hop to reach the destination. 

Answer: C 


QUESTION 14 

Which two statements about the function of the stub feature in EIGRP are true? (Choose two.) 

A. It stops the stub router from sending queries to peers. 

B. It stops the hub router from sending queries to the stub router. 

C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers . 

D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers . 

Answer: BC 


QUESTION 15 

In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available? 

A. stub 

B. named mode 

C. classic mode 

D. passive 

Answer: B 


QUESTION 16 

Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency 
is not forming. Which two options are possible reasons that prevent OSPFv3 to form between 
these two routers? (Choose two.) 

A. mismatch of subnet masks 
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B. mismatch of network types 

C. mismatch of authentication types 

D. mismatch of instance IDs 

E. mismatch of area types 

Answer: DE 

QUESTION 17 

Like OSPFv2, OSPFv3 supports virtual links.Which two statements are true about the IPv6 
address of a virtual neighbor? (Choose two.) 

A. It is the link-local address, and it is discovered by examining the hello packets received from the 
virtual neighbor. 

B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor. 

C. It is the global scope address, and it is discovered by examining the router LSAs received by the 
virtual neighbor. 

D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address. 

E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received 
by the virtual neighbor. 

F. Only prefixes with the LA-bit set can be used as a virtual neighbor address. 

Answer: EF 


QUESTION 18 

Which field is specific to the OPSFv3 packet header, as opposed to the OSPFv2 packet header? 

A. checksum 

B. router ID 

C. AuType 

D. instance ID 

Answer: D 


QUESTION 19 

Which two functions are performed by the DR in OSPF? (Choose two.) 

A. The DR originates the network LSA on behalf of the network. 

B. The DR is responsible for the flooding throughout one OSPF area. 

C. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the 
LSDB across the adjacencies. 

D. The DR is responsible for originating the type 4 LSAs into one area. 

Answer: AC 


QUESTION 20 

Refer to the exhibit. AS #1 and AS #2 have multiple EBGP connections with each other. AS #1 
wants all return traffic that is destined to the prefix 10.10.10.1/32 to enter through the router R1 
from AS #2. In order to achieve this routing policy, the AS 1 advertises a lower MED from R1, 
compared to a higher MED from R3, to their respective BGP neighbor for the prefix 
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10.10.10.0/24. Will this measure guarantee that the routing policy is always in effect? 



Provider X 


Provider Y 


A. Yes, because MED plays a deterministic role in return traffic engineering in BGP. 

B. Yes, because a lower MED forces BGP best-path route selection in AS #2 to choose R1 as the 
best path for 10.10.10.0/24. 

C. Yes, because a lower MED in AS #2 is the highest BGP attribute in BGP best-path route selection. 

D. No, AS #2 can choose to alter the weight attribute in R2 for BGP neighbor R1, and this weight value 
is cascaded across AS #2 for BGP best-path route selection. 

E. No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection 
over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 
for the BGP best-path route selection. 

Answer: E 


QUESTION 21 

Which regular expression will only allow prefixes that originated from AS 65000 and that are 
learned through AS 65001 ? 

A. A 65000_65001$ 

B. 65000_65001$ 

C. A 65000_65001 

D. A 65001_65000$ 

Answer: D 


QUESTION 22 

Which statement describes the BGP add-path feature? 

A. It allows for installing multiple IBGP and EBGP routes in the routing table. 

B. It allows a network engineer to override the selected BGP path with an additional path created in 
the config. 
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C. It allows BGP to provide backup paths to the routing table for quicker convergence. 

D. It allows multiple paths for the same prefix to be advertised. 

Answer: D 


QUESTION 23 

Refer to the exhibit. What does "(received-only)" mean? 


Rl>sh ip bgp 10.1.1.1 

3GP routing table entry for 10.1.0.0/16, version 182 

Paths: (2 available, best #1, table default, not advertised to EBGP peer) 
Advertised to update-groups: 

Refresh Epoch 1 
50811 65112 

172.28.1.5 from 172.28.1.5 (192.163.236.222) 

Origin incomplete, iocaipref 800, valid, external, best 
Community: no-export 
rx pathid: 0, tx pathid: 0x0 
Refresh Epoch 1 
50811 65112, (received-only) 

172.28.1.5 from 172.28.1.5 (192.168.236.222) 

Origin incomplete, Iocaipref 100, valid, external 
Community: 65112:21147 50311:11145 
rx pathid: 0, tx pathid: 0 

Rl> 


A. The prefix 10.1.1.1 can not be advertised to any eBGP neighbor. 

B. The prefix 10.1.1.1 can not be advertised to any iBGP neighbor. 

C. BGP soft reconfiguration outbound is applied. 

D. BGP soft reconfiguration inbound is applied. 

Answer: D 


QUESTION 24 

Refer to the exhibit. Which statement is true? 


Cfshow ipv6 route ::/0 

IPv6 Routing Table - 6 entries 

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP 

II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
II ::/0 [115/10] 

via FE80::A3BB:CCFF:FE00:401, Ethernetl/O 
via ::, Ethernet0/0 


A. There is no issue with forwarding IPv6 traffic from this router. 

B. IPv6 traffic can be forwarded from this router, but only on Ethernetl/O. 

C. IPv6 unicast routing is not enabled on this router. 

D. Some IPv6 traffic will be blackholed from this router. 

Answer: D 
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QUESTION 25 

Refer to the exhibit. What is a reason for the RIB-failure? 


Rl#show bgp ipv4 unicast 10.100.1.1/32 
BGP routing table entry for 10.100.1.1/32, version 8 
Paths: (2 available, best #1, table default, RIB-failure(17)) 
Advertised to update-groups: 


Refresh Epoch 2 
4 


10.1.3.4 from 10.1.3.4 (10.100.1.1) 

Origin IGP, metric 0, localpref 100, valid, 
rx pathid: 0, tx pathid: 0x0 
Refresh Epoch 2 


5 4 

10.1.5.5 from 10.1.5.5 (10.1.5.5) 

Origin IGP, localpref 100, valid, external 
rx pathid: 0, tx pathid: 0 


external, best 


A. CEF is not enabled on this router. 

B. The route 10.100.1.1/32 is in the routing table, but not as a BGP route. 

C. The routing table has yet to be updated with the BGP route. 

D. The BGP route is filtered inbound and hence is not installed in the routing table. 

Answer: B 


QUESTION 26 

Refer to the exhibit. Which statement is true? 


Rl#show bgp ipv4 unicast summary 

BGP router identifier 1C.1.3.1, local AS number 1 
BGP table version is 2, main routing table version 2 
1 network entries using 144 bytes of memory 
1 path entries using 80 bytes of memory 

1/1 BGP path/bestpath attribute entries using 144 bytes of memory 
1 BGP AS-PATH entries using 24 bytes of memory 
0 BGP route-map cache entries using 0 bytes of memory 
0 BGP filter-list cache entries using C bytes of memory 
BGP using 392 total bytes of memory 

BGP activity 1/0 prefixes, 1/0 paths, scan interval 6C secs 


Neighbor 

V 

AS 

MsgRcvd MsgSent TblVer 

InQ 

CutQ 

Up/Down 

State/PfxRcd 

10.1.1.2 

4 

2 

69 

69 2 

0 

0 

01:00:54 

0 

1C.1.2.3 

4 

3 

69 

70 1 

0 

0 

01:00:45 

0 

10.1.3.4 

4 

4 

72 

70 2 

0 

0 

01:01:12 

1 


A. BGP peer 10.1.2.3 is performing inbound filtering. 

B. BGP peer 10.1.2.3 is a route reflector. 

C. R1 is a route reflector, but BGP peer 10.1.2.3 is not a route reflector client. 

D. R1 still needs to send an update to the BGP peer 10.1.2.3. 

Answer: D 
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QUESTION 27 

Refer to the exhibit. Router A and router B are physically connected over an Ethernet interface, 
and ISIS is configured as shown. Which option explains why the ISIS neighborship is not getting 
formed between router A and router B? 


RouterA# 
conf t 
router isis 

net 49.5200.1530.3500.6002.00 

RouterB# 
conf t 

router isis 1 

net 45.5200.1580.3500.6002.00 


A. same area ID 

B. same N selector 

C. same domain ID 

D. same system ID 

Answer: D 


QUESTION 28 

Refer to the exhibit. Which statement is true? 


R4#show isis database R4.00-00 detail 
IS-IS Level-2 LSP R4.00-00 

LSPID LSP Seq Num LSP Checksum LSP Holdtime 

R4.00-00 * 0x0Q0022BE 0xD36A 1194 


Area Address: 

49.0001 

NLPID: 


0x81 OxCC 0x8E 

Hostname 

s: R4 


IP Address: 

10.1.100.4 

IPv6 Address: 

2001:100::1:4 

Metric: 

10 

IS-Extended R3.00 

Metric: 

10 

IS-Extended R5.03 

Metric: 

10 

IP 10.1.1.0/24 

Metric: 

10 

IP 10.1.2.0/24 

Metric: 

10 

IP 10.1.3.0/24 

Metric: 

10 

IP 10.1.100.4/32 

Metric: 

50 

IP 10.200.200.200/32 

Metric: 

10 

IPv6 2001:1::1:0/112 

Metric: 

10 

IPv6 2001:1::2:0/112 

Metric: 

10 

IPv6 2001:100::1:4/1 


ATT/P/OL 

0 / 0/0 


A. IS-IS has been enabled on R4 for IPv6, single-topology. 

B. IS-IS has been enabled on R4 for IPv6, multitopology. 

C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology. 

D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been 

enabled under router IS-IS. 

Answer: A 
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QUESTION 29 

Refer to the exhibit. Why is the neighbor relationship between R2 and R4 shown as ES-IS? 



A. because there is an MTU mismatch between R2 and R4 

B. because interface S3/0 of R4 is configured as L1/L2 

C. because interface S3/0 of R2 is configured as LI 

D. because there is a hello interval mismatch between R2 and R4 

Answer: C 


QUESTION 30 

Refer to the exhibit. The interface FastEthernetO/1 of both routers R4 and R5 is connected to the 
same Ethernet segment with a multicast receiver. Which two statements are true? (Choose two) 


R4 

interface FastZthernetO/l 
ip address 192.168.2.1 255.255.255.0 
ip pim sparse-dense-mode 
duplex auto 
speed auto 

standby 1 ip 192.168.2.4 
standby 1 priority 150 
standby 1 preempt 

R5 

interface FastZthernetO/1 
ip address 192.168.2.2 255.255.255.0 
ip pim sparse-dense-mode 
duplex auto 
speed auto 

standby 1 ip 192.168.2.4 


A. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R4. 

B. Both routers R4 and R5 will send PIM join messages to the RP. 

C. Only router R5 will send a multicast join message to the RP. 
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D. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R5. 

Answer: CD 


QUESTION 31 

Refer to the exhibit. This is the configuration of the ASBR of area 110.Which option explains why 
the remote ABR should not translate the type 7 LSA for the prefix 192.168.0.0/16 into a type 5 
LSA? 

router ospf 100 
router-id 4.4.4.4 
area 110 nssa 

summary-address 192.168.0.0 255.255.0.0 nssa-oniy 
redistribute static metric-type 1 subnets tag 704 
network 110.110.0.0 0.0.255.255 area 110 


A. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR. 

B. The ASBR sets the forwarding address to 0.0.0.0 which instructs the ABR not to translate the LSA into 
a type 5 LSA. 

C. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600. 

D. The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16. 

Answer: D 


QUESTION 32 

What is the function of an EIGRP sequence TLV packet? 

A. to acknowledge a set of sequence numbers during the startup update process 

B. to list the peers that should listen to the next multicast packet during the reliable multicast process 

C. to list the peers that should not listen to the next multicast packet during the reliable multicast process 

D. to define the initial sequence number when bringing up a new peer 

Answer: C 


QUESTION 33 

What are two reasons to define static peers in EIGRP? (Choose two.) 

A. Security requirements do not allow dynamic learning of neighbors. 

B. The link between peers requires multicast packets. 

C. Back-level peers require static definition for successful connection. 

D. The link between peers requires unicast packets. 

Answer: AD 


QUESTION 34 

Refer to the exhibit. R2 is mutually redistributing between EIGRP and BGP. 
Which configuration is necessary to enable R1 to see routes from R3? 
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A. The R3 configuration must include ebgp-multihop to the neighbor statement for R2. 

B. The R2 BGP configuration must include bgp redistribute-internal. 

C. R1 must be configured with next-hop-self for the neighbor going to R2. 

D. The AS numbers configured on R1 and R2 must match. 

Answer: B 


QUESTION 35 

What is the purpose of EIGRP summary leaking? 

A. to allow a summary to be advertised conditionally on specific criteria 

B. to allow a component of a summary to be advertised in addition to the summary 

C. to allow overlapping summaries to exist on a single interface 

D. to modify the metric of the summary based on which components of the summary are operational 

Answer: B 


QUESTION 36 

Refer to the exhibit. You have just created a new VRF on PE3. You have enabled debug ip bgp 
vpnv4 unicast updates on PEI, and you can see the route in the debug, but not in the BGP 
VPNv4 table. Which two statements are true? (Choose two.) 


*May20 12:16: BGP(4):10.1.1.2 rcvd UPDATE w/ attr:nexthop 10.1.1.2,origin ?, locaipref 100,metric 0,extended community RT:999:599 
*May20 12:16: BGP(4>:10.1.1.2 rcvd 995:999:192.168.1.99/32,label 29—DENIED due to:extended community not supported 


A. VPNv4 is not configured between PEI and PE3. 

B. address-family ipv4 vrf is not configured on PE3. 

C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted. 

D. PEI will reject the route due to automatic route filtering. 

E. After you configure route-target import 999:999 for a VRF on PEI, the route will be accepted. 

Answer: DE 
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QUESTION 37 

In GETVPN, which key is used to secure the control plane? 

A. Traffic Encryption Key (TEK) 

B. content encryption key (CEK) 

C. message encryption key (MEK) 

D. Key Encryption Key (KEK). 

Answer: D 


QUESTION 38 

Refer to the exhibit. NHRP registration is failing; what might be the problem? 


R6#debug nhrp 

NHRP protocol debugging is on 

‘Apr 14 02:05:29.416: NHRP: Attempting to send packet through interface TunnelO via DEST dst 10.250.20.1 

‘Apr 14 02:05:29.416: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 192.168.1.1 

•Apr 14 02:05:29.416: NHRP: Send Registration Request via TunnelO vrf 0, packet size: 105 

‘Apr 14 02:05:29.416: src: 10.250.20.6, dst: 10.250.20.1 

‘Apr 14 02:05:29.416: NHRP: 133 bytes out TunnelO 

‘Apr 14 02:05:29.416: NHRP: Resetting retransmit due to hold-timer for 10.250.20.1 

‘Apr 14 02:05:30.306: NHRP: Setting retrans delay to 2 for nhs dst 10.250.20.1 

R6#sh ip nhrp brief 

Target Via NBMA Mode Intfc Claimed 

R6# 


A. invalid IP addressing 

B. fragmentation 

C. incorrect NHRP mapping 

D. incorrect NHRP authentication 

Answer: D 


QUESTION 39 

Which statement is true comparing L2TPv3 to EoMPLS? 

A. L2TPv3 requires OSPF routing, whereas EoMPLS does not. 

B. EoMPLS requires BGP routing, whereas L2TPv3 does not. 

C. L2TPv3 carries L2 frames inside MPLS tagged packets, whereas EoMPLS carries L2 frames inside 
IPv4 packets. 

D. L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets. 

Answer: D 


QUESTION 40 

Which statement is true about VPLS? 

A. MPLS is not required for VPLS to work. 

B. VPLS carries packets as Layer 3 multicast. 

C. VPLS has been introduced to address some shortcomings of OTV. 

D. VPLS requires an MPLS network. 
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Answer: D 


QUESTION 41 

Refer to the exhibit. Service provider SP 1 is running the MPLS-VPN service. The MPLS core 
network has MP-BGP configured with RR-1 as route reflector. What will be the effect on traffic 
between PEI and PE2 if router PI goes down? 


Customer 1 
SiteC 



A. No effect, because all traffic between PEI and PE2 will be rerouted through P2. 

B. No effect, because PI was not the only P router in the forwarding path of traffic. 

C. No effect, because RR-1 will find an alternative path for MP-BGP sessions to PE-1 and PE-2. 

D. All traffic will be lost because RR-1 will lose the MP-BGP sessions to PE-1 and PE-2. 

Answer: D 


QUESTION 42 

According to RFC 4577, OSPF for BGP/MPLS IP VPNs, when must the down bit be set? 

A. when an OSPF route is distributed from the PE to the CE, for Type 3 LSAs 

B. when an OSPF route is distributed from the PE to the CE, for Type 5 LSAs 

C. when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs 

D. when an OSPF route is distributed from the PE to the CE, for all types of LSAs 

Answer: C 
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QUESTION 43 

Refer to the exhibit. What is a possible reason for the IPSEC tunnel not establishing? 

IPSSC(ipsec process proposal) : proxy identities not supported 


A. The peer is unreachable. 

B. The transform sets do not match. 

C. The proxy IDs are invalid. 

D. The access lists do not match. 

Answer: D 


QUESTION 44 

What is a key advantage of Cisco GET VPN over DMVPN? 

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs. 

B. Cisco GET VPN supports certificate authentication for tunnel establishment. 

C. Cisco GET VPN has a better anti-replay mechanism. 

D. Cisco GET VPN does not require a secondary overlay routing infrastructure. 

Answer: D 


QUESTION 45 

Refer to the exhibit. What is wrong with the configuration of the tunnel interface of this DMVPN 
Phase II spoke router? 


interface TunnelO 

ip address 172.16.1.2 255.255.255.0 
ip nhrp map 172.16.1.1 192.163.1.1 
ip nhrp network-id 1 
ip nhrp nhs 172.16.1.1 
tunnel source 192.168.2.2 
ip mtu 1416 


A. The interface MTU is too high. 

B. The tunnel destination is missing. 

C. The NHRP NHS IP address is wrong. 

D. The tunnel mode is wrong. 

Answer: D 


QUESTION 46 

Which two statements are true about VPLS? (Choose two.) 

A. It can work over any transport that can forward IP packets. 

B. It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, 
orGLBP. 
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C. It includes automatic detection of multihoming. 

D. It relies on flooding to propagate MAC address reachability information. 

E. It can carry a single VLAN per VPLS instance. 

Answer: DE 


QUESTION 47 

Refer to the exhibit. What will be the extended community value of this route? 


ip vrf Custl23 
rd 200:3000 

export map Custl23mgmt 
route-target export 200:3000 

I 

route-map Custl23mgmt permit 10 
set extcommunity rt 200:9595 


A. RT:200:3000 RT:200:9999 

B. RT:200:9999 RT:200:3000 

C. RT:200:3000 

D. RT:200:9999 

Answer: D 


QUESTION 48 

Refer to the exhibit. Which statement is true? 


CEl#trace 

Protocol [ip]: ipv6 

Target IPv6 address: 2C01:db8:IOC:1::7 
Source address: 2001:db8:ICO:1::5 
Insert source routing header? [no]: 

Numeric display? [no]: 

Timeout in seconds [3]: 

Probe count [3]: 

Minimum Time to Live [1]: 

Maximum Time to Live [3C]: 

Priority [0]: 

Port Number [C]: 

Type escape sequence to abort. 

Tracing the route to 20C1:10:10C:1::7 

1 20C1:db8:1:5::1 1 msec 1 msec 1 msec 

2 ::FFFF:10.1.2.4 [MPLS: Labels 17/23 Exp 0] 2 msec 2 msec 2 msec 

3 20C1:db8:1:7::2 [AS 1] [MPLS: Label 23 Exp 0] 2 msec 1 msec 1 msec 

4 20C1:db8:1:7::7 [AS 1] 2 msec 1 msec 2 msec 


A. There is an MPLS network that is running 6PE, and the ingress PE router has no mpls ip propagate-ttl. 

B. There is an MPLS network that is running 6VPE, and the ingress PE router has no mpls ip propagate-ttl. 
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C. There is an MPLS network that is running 6PE or 6VPE, and the ingress PE router has mpls ip propagate-ttl. 

D. There is an MPLS network that is running 6PE, and the ingress PE router has mpls ip propagate-ttl. 

E. There is an MPLS network that is running 6VPE, and the ingress PE router has mpls ip propagate-ttl. 

Answer: C 


QUESTION 49 

Refer to the exhibit. Which statement is true about a VPNv4 prefix that is present in the routing 
table of vrf one and is advertised from this router? 


vrf definition one 
rd 1:1 

route-target export 100:1 
route-target import 100:1 

i 

address-family ipv4 
route-target import 100:2 
exit-address-family 

j 

address-family ipv6 
route-target export 100:3 
route-target import 100:3 
exit-address-family 


A. The prefix is advertised only with route target 100:1. 

B. The prefix is advertised with route targets 100:1 and 100:2. 

C. The prefix is advertised only with route target 100:3. 

D. The prefix is not advertised. 

E. The prefix is advertised with route targets 100:1, 100:2, and 100:3. 

Answer: A 


QUESTION 50 

Which is the way to enable the control word in an L2 VPN dynamic pseudowire connection on 
router R1 ? 

A. R1(config)# pseudowire-class cw-enable 
R1(config-pw-class)# encapsulation mpls 
R1(config-pw-class)# set control-word 

B. R1(config)# pseudowire-class cw-enable 
R1(config-pw-class)# encapsulation mpls 
R1(config-pw-class)# enable control-word 

C. R1(config)# pseudowire-class cw-enable 
R1(config-pw-class)# encapsulation mpls 
R1(config-pw-class)# default control-word 

D. R1(config)# pseudowire-class cw-enable 
R1(config-pw-class)# encapsulation mpls 
R1(config-pw-class)# control-word 
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Answer: D 


QUESTION 51 

What is the goal of Unicast Reverse Path Forwarding? 

A. to verify the reachability of the destination address in forwarded packets 

B. to help control network congestion 

C. to verify the reachability of the destination address in multicast packets 

D. to verify the reachability of the source address in forwarded packets 

Answer: D 


QUESTION 52 

Which three features are considered part of the IPv6 first-hop security suite? (Choose three.) 

A. DNS guard 

B. destination guard 

C. DHCP guard 

D. ICMP guard 

E. RA guard 

F. DoS guard 

Answer: BCE 


QUESTION 53 

Refer to the exhibit. Why is the router not accessible via Telnet on the GigabitEthernetO 
management interface? 

interface GigabitEthernetO 
ip vrf forwarding Mgmt-intf 
ip address 1.1.1.1 155.255.155.0 

ip access-list extended telnet-aci 
permit tcp any 1.1.1.1 0.0.0.0 eg 23 log 

line vty 0 4 

access-class telnet-acl in 
transport input telnet 


A. The wrong port is being used in the telnet-acl access list. 

B. The subnet mask is incorrect in the telnet-acl access list. 

C. The log keyword needs to be removed from the telnet-acl access list.. 

D. The access class needs to have the vrf-also keyword added. 

Answer: D 


QUESTION 54 

Which three modes are valid PfR monitoring modes of operation? (Choose three.) 
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A. route monitor mode (based on BGP route changes) 

B. RMON mode (based on RMONvl and RMONv2 data) 

C. passive mode (based on NetFlow data) 

D. active mode (based on Cisco IP SLA probes) 

E. fast mode (based on Cisco IP SLA probes) 

F. passive mode (based on Cisco IP SLA probes) 

Answer: CDE 


QUESTION 55 

Refer to the exhibit. Which statement is true? 


MC#sh pfr master 

border detail 







Border 

Status UP/DOWN 


AuthFail 

Version 



10.1.1.1 

ACTIVE UP 

00:52:21 


0 

3.0 



EtO/O 

INTERNAL UP 







EtO/1 

EXTERNAL UP 







External 

Capacity 

Max BW 

BW Used 


Load Status 

Exit 

Id 

Interface 

(kbps) 

(kbps) 

(kbps) 


(%) 



EtO/1 

Tx 500 

450 

192 


39 UP 


2 


Rx 

500 

49 


9 



Border 

Status UP/DOWN 


AuthFail 

Version 



10.1.1.2 

ACTIVE UP 

00:52:21 


0 

3.0 



EtO/O 

INTERNAL UP 







EtO/1 

EXTERNAL UP 







External 

Capacity 

Max BW 

BW Used 


Load Status 

Exit 

Id 

Interface 

(kbps) 

(kbps) 

(kbps) 


(%) 



EtO/1 

Tx 500 

450 

175 


33 UP 


1 


Rx 

500 

0 


0 




A. The Cisco PfR state is UP; however, the external interface EtO/1 of border router 10.1.1.1 has exceeded 
the maximum available bandwidth threshold. 

B. The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP 
session to the master controller. 

C. The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been 
successful between the master controller and the border routers. 

D. The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic. 

E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic 
exiting the external links. 

Answer: E 


QUESTION 56 

In the DiffServ model, which class represents the highest priority with the highest drop 
probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 
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Answer: D 


QUESTION 57 

Refer to the exhibit. Which statement about this IP SLA is true? 


Entry number: 1 
Owner: 

Tag: 

Type of operation to perform: echo 

Target acldress/Source address: 172.16.129. S/0.0.0.0 

Type of Service parameter: 0x0 

Request size (APP. data portion): 28 

Operation timeout (milliseconds): 5000 

Verify data: No 

Vrf Name: 

Schedule: 

Operation frequency (seconds): 10 
Next Scheduled Start Time: Pending trigger 
Group Scheduled : FALSE 
Randomly Scheduled : FALSE 
Life (seconds): 3600 
Entry Ageout (seconds): never 
Recurring (Starting Everyday): FAXSE 
Status of entry (SNMP RowStatus): notlnService 
Threshold (milliseconds): 5000 
Distribution Statistics: 

Number of statistic hours kept: 2 
Number of statistic distribution buckets kept: 1 
Statistic distribution interval (milliseconds): 20 
History Statistics: 

Number of history Lives kept: 0 
Humber of history Buckets kept: 15 
History Filter Type: None 
Enhanced History: 


A. The SLA must also have a schedule configured before it will start. 

B. The TTL of the SLA packets is 10. 

C. The SLA has a timeout of 3.6 seconds. 

D. The SLA has a lifetime of 5 seconds. 

Answer: A 


QUESTION 58 

Refer to the exhibit. Which two are causes of output queue drops on FastEthernet0/0? (Choose 
two.) 
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#show interface FastSthernetO/O 
FastSthernetO/O is up, line protocol is up 

Hardware is PQII_PRG_UEC, address is 0024.14ac.0d3c (bia 001f.9e3c.a5c2) 
Internet address is 1.1.1.1/24 

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 10 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation ARPA, loopback not set 
Keepalive set (10 sec) 

Full Duplex, 100Mbps, media type is RJ45 

output flow-control is XON, input flow-control is XON 

ARP type: ARPA, ARP Timeout 04:00:00 

Last input 00:00:00, output 00:00:00, output hang never 
Last clearing of "show interface" counters never 

Input queue: 0/1000/0/0 (size/max/drops/flushes); Total output drops: 10000 

Queueing strategy: Class-based queueing 

Output queue: 100/1000/10000 (size/max total/drops) 

30 second input rate 361000 bits/sec, 204 packets/sec 
30 second output rate 711000000 bits/sec, 223000 packets/sec 
1221583901 packets input, 3044421428 bytes, 0 no buffer 
Received 91124750 broadcasts (0 IP multicasts) 

0 runts, 0 giants, 0 throttles 

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 
0 watchdog, 0 multicast, 0 pause input 

1090847722 packets output, 756667418 bytes, 0 underruns 
0 output errors, 0 collisions, 0 interface resets 
0 unknown protocol drops 
0 babbies, 0 late collision, 0 deferred 
0 lost carrier, 0 no carrier, 0 pause output 
0 output buffer failures, 0 output buffers swapped out 


A. an oversubscribed input service policy on FastEthernetO/O 

B. a duplex mismatch on FastEthernetO/O 

C. a bad cable connected to FastEthernetO/O 

D. an oversubscribed output service policy on FastEthernetO/O 

E. The router trying to send more than 100 Mb/s out of FastEthernetO/O 

Answer: DE 


QUESTION 59 

Which three actions are required when configuring NAT-PT? (Choose three.) 

A. Enable NAT-PT globally. 

B. Specify an IPv4-to-IPv6 translation. 

C. Specify an IPv6-to-IPv4 translation. 

D. Specify a ::/96 prefix that will map to an IPv4 address. 

E. Specify a ::/48 prefix that will map to a MAC address. 

F. Specify a ::/32 prefix that will map to an IPv6 address. 

Answer: BCD 


QUESTION 60 

Which two DHCP messages are always sent as broadcast? (Choose two.) 
A. DHCPOFFER 
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B. DHCPDECLINE 

C. DHCPRELEASE 

D. DHCPREQUEST 

E. DHCPDISCOVER 

Answer: DE 


QUESTION 61 

Refer to the exhibit. Which statement about the output is true? 


Router#show 

[...] 

Srclf 

ip cache flow 






SrcIPaddress 

Dstlf 

DstIPaddress 

Pr 

SrcP 

DstP Pkts 

VI1 

144.254.10.206 

Local 

10.48.77.208 

06 

C363 

01BB 


A. The flow is an HTTPS connection to the router, which is initiated by 144.254.10.206. 

B. The flow is an HTTP connection to the router, which is initiated by 144.254.10.206. 

C. The flow is an HTTPS connection that is initiated by the router and that goes to 144.254.10.206. 

D. The flow is an HTTP connection that is initiated by the router and that goes to 144.254.10.206. 

Answer: A 


QUESTION 62 

Refer to the exhibit. Which statement about this COS-DSCP mapping is true? 



A. COS 3 is mapped to the expedited forwarding DSCP. 

B. COS 16 is mapped to DSCP 2. 

C. The default COS is mapped to DSCP 32. 

D. This mapping is the default COS-DSCP mapping on Cisco switches. 

Answer: A 


QUESTION 63 

Which three statements about implementing a NAT application layer gateway in a network are 
true? (Choose three.) 

A. It allows client applications to use dynamic ports to communicate with a server regardless of whether 
NAT is being used. 

B. It maintains granular security over application-specific data. 

C. It allows synchronization between multiple streams of data between two hosts. 

D. Application layer gateway is used only in VolP/SIP deployments. 

E. Client applications require additional configuration to use an application layer gateway. 
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F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through 
the network. 

Answer: ABC 


QUESTION 64 

Refer to the exhibit. At which location will the benefit of this configuration be observed? 


RouterA(config)lip options drop 


A. on Router A and its upstream routers 

B. on Router A and its downstream routers 

C. on Router A only 

D. on Router A and all of its ARP neighbors 

Answer: B 


QUESTION 65 

Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud? 

A. spoke-spoke 

B. nowhere, because multicast does not work over DMVPN 

C. spoke-spoke and spoke-hub 

D. spoke-hub 

Answer: D 


QUESTION 66 

Refer to the exhibit. A spoke site that is connected to Router-A cannot reach a spoke site that is 
connected to Router- B, but both spoke sites can reach the hub. What is the likely cause of this 
issue? 


Router-A# show ip nhrp 

10.0.2.1/32 via 10.0.2.1, TunnelO created 00:00:21, expire 00:05:38 
Type: dynamic. Flags: authoritative unique registered used 
NBMA address: 144.254.21.2 

(Claimed NBMA address: 172.16.2.1) 

Router-B# show ip nhrp 

10.0.1.1/32 via 10.0.1.1, TunnelO created 00:00:13, expire 00:05:48 
Type: dynamic. Flags: authoritative unique registered used 
NBMA address: 72.34.1.2 


A. There is a router doing PAT at site B. 

B. There is a router doing PAT at site A. 

C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address. 

D. There is a routing issue, as NHRP registration is working. 
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Answer: B 


QUESTION 67 

Which mechanism can be used on Layer 2 switches so that only multicast packets with 
downstream receivers are sent on the multicast router-connected ports? 

A. IGMP snooping 

B. Router Guard 

C. PIM snooping 

D. multicast filtering 

Answer: C 


QUESTION 68 

What is the cause of ignores and overruns on an interface, when the overall traffic rate of the 
interface is low? 

A. a hardware failure of the interface 

B. a software bug 

C. a bad cable 

D. microbursts of traffic 

Answer: D 


QUESTION 69 

With which ISs will an ISIS Level 1 IS exchange routing information? 

A. Level 1 ISs 

B. Level 1 ISs in the same area 

C. Level 1 and Level 2 ISs 

D. Level 2 ISs 

Answer: B 


QUESTION 70 

Refer to the exhibit. Why is the neighbor relationship between R1 & R2 and R1 & R3 an L2-type 
neighborship? 
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router isia 
net 48 . 0001 .0000.0000.0001.00 


router iaia 

net 49.0001.0 



Rlishow clns neighbors 


System 

Id SNPA 

Interface 

State 

Holdtime 

Type 

Protocol 

R2 

0000.0c76.f098 

EtO 

up 

27 

L2 

IS-IS 

R3 

0000.0c76.f096 

EtO 

Up 

26 

L2 

IS-IS 


A. because the area ID on R1 is different as compared to the area ID of R2 and R3 

B. because the circuit type on those three routers is L1/L2 

C. because the network type between R1, R2, and R3 is point-to-point 

D. because the hello interval is not the same on those three routers 

Answer: A 


QUESTION 71 

Which three statements about the designated router election in IS-IS are true? (Choose three.) 

A. If the IS-IS DR fails, a new DR is elected. 

B. The IS-IS DR will preempt. If a new router with better priority is added, it just becomes active in the network. 

C. If there is a tie in DR priority, the router with a higher IP address wins. 

D. If there is a tie in DR priority, the router with a higher MAC address wins. 

E. If the DR fails, the BDR is promoted as the DR. 

F. The DR is optional in a point-to-point network. 

Answer: ABD 


QUESTION 72 

Which three elements compose a network entity title? (Choose three.) 

A. area ID 

B. domain ID 

C. system ID 

D. NSAP selector 

E. MAC address 

F. IP address 

Answer: ACD 


QUESTION 73 

Which statement about shaped round robin queuing is true? 
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A. Queues with higher configured weights are serviced first. 

B. The device waits a period of time, set by the configured weight, before servicing the next queue. 

C. The device services a single queue completely before moving on to the next queue. 

D. Shaped mode is available on both the ingress and egress queues. 

Answer: A 


QUESTION 74 

Refer to the exhibit. You discover that only 1.5 Mb/s of web traffic can pass during times of 
congestion on the given network. 



class-map VOICE 

match ip dscp ef 

class-map VIDEO 

match ip dscp 41 

policy-map EGRESS 

class VOICE 

priority percent 20 

class VIDEO 

bandwidth percent 50 

class class-default 

bandwidth remaining percent 15 

i 

interface FastEthernet0/0 
description CUSTOMER-100Mbps 
ip address 192.168.1.1 255.255.255.0 
1 

interface FastEthernet0/1 
description INTERNET- 10Mbps 
ip address 209.165.200.226 255.255.255.224 
service-policy output EGRESS 


Which two options are possible reasons for this limitation? (Choose two.) 

A. The web traffic class has too little bandwidth reservation. 

B. Video traffic is using too much bandwidth. 

C. The service-policy is on the wrong interface. 

D. The service-policy is going in the wrong direction. 

E. The NAT policy is adding too much overhead. 

Answer: AB 
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QUESTION 75 

Refer to the exhibit. Which statement about the debug behavior of the device is true? 


San_Jose#shov debug 

Load for five secs: 0%/0%; one minute: 0%; five mnutes: 0% 
Time source is NTP, 09:10:59.124 PST Thu Aug 22 2013 
Condition 1: ip 172.16.129.4 <0 flags triggered) 


A. The device debugs all IP events for 172.16.194.4. 

B. The device sends all debugging information for 172.16.194.4. 

C. The device sends only NTP debugging information to 172.16.194.4. 

D. The device sends debugging information every five seconds. 

Answer: A 


QUESTION 76 

Refer to the exhibit. Which statement about this device configuration is true? 


snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 
snmp-server 


community public R0 2 
trap-source LoopbackO 
chassis-id HONGKONG 

enable traps snmp linkdown linkup coldstart 

enable traps ospf state-change 

enable traps bgp state-changes 

enable traps pim neighbor-change 

enable traps cpu threshold 

enable traps mpis ldp 

host 192.163.252.254 version 2c public 


A. The NMS needs a specific route configured to enable it to reach the LoopbackO interface of the device. 

B. The ifindex of the device could be different when the device is reloaded. 

C. The device will allow anyone to poll it via the public community. 

D. The device configuration requires the AuthNoPriv security level. 

Answer: B 


QUESTION 77 

Which three steps are necessary to enable SSH? (Choose three.) 

A. generating an RSA or DSA cryptographic key 

B. configuring the version of SSH 

C. configuring a domain name 

D. configuring VTY lines for use with SSH 

E. configuring the port for SSH to listen for connections 

F. generating an AES or SHA cryptographic key 
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Answer: ACD 


QUESTION 78 

Which two features does the show ipv6 snooping features command show information about? 
(Choose two.) 

A. RA guard 

B. DHCP guard 

C. ND inspection 

D. source guard 

Answer: AC 


QUESTION 79 

Refer to the exhibit. Which two statements about how the configuration processes Telnet traffic 
are true? (Choose two.) 


Rllsh policy-map control-plane 

Service-policy input: CoPP-POLICY 

Class-map: CoPP-CLASS <match-all| 

8 packets, 480 bytes 

5 minute offered rate 0 bps, drop rate 0 bps 

Match: access-group name R5-TQ-R2 

police: 

rate 10 pps, burst 0 packets 
conformed 0 packets; actions: 
drop 

exceeded 8 packets; actions: 
drop 

conformed 0 pps, exceed 0 pps 

Class-map: class-default (match-any} 

925 packets, 86355 bytes 

5 minute offered rate 0 bps, drop rate 0 bps 
Match: any 

Rllsh access-lists 

Extended IP access list RS-T0-R2 

10 permit tcp host 10.1.1.5 host 10.10.10.1 eq telnet (4 matches) 
20 deny tcp any any eq telnet <5 matches) 


A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped. 

B. All Telnet traffic is dropped. 

C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted. 

D. Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted. 

E. Telnet traffic is permitted to all IP addresses. 

Answer: AC 
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QUESTION 80 

Which three statements are functions that are performed by IKE phase 1? (Choose three.) 

A. It builds a secure tunnel to negotiate IKE phase 1 parameters. 

B. It establishes IPsec security associations. 

C. It authenticates the identities of the IPsec peers. 

D. It protects the IKE exchange by negotiating a matching IKE SA policy. 

E. It protects the identities of IPsec peers. 

F. It negotiates IPsec SA parameters. 

Answer: CDE 


QUESTION 81 

The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE 
message from 10.10.1.1 failed its sanity check or is malformed. 

Which statement describes a possible cause of this error? 

A. There is a verification failure on the IPsec packet. 

B. The SA has expired or has been cleared. 

C. The pre-shared keys on the peers are mismatched. 

D. There is a failure due to a transform set mismatch. 

E. An incorrect packet was sent by an IPsec peer. 

Answer: C 


QUESTION 82 

Which three statements describe the characteristics of a VPLS architecture? (Choose three.) 

A. It forwards Ethernet frames. 

B. It maps MAC address destinations to IP next hops. 

C. It supports MAC address aging. 

D. It replicates broadcast and multicast frames to multiple ports. 

E. It conveys MAC address reachability information in a separate control protocol. 

F. It can suppress the flooding of traffic. 

Answer: ACD 


QUESTION 83 

A GRE tunnel is down with the error message %TUN-5-RECURDOWN: 

TunnelO temporarily disabled due to recursive routing error. 

Which two options describe possible causes of the error? (Choose two.) 

A. Incorrect destination IP addresses are configured on the tunnel. 

B. There is link flapping on the tunnel. 

C. There is instability in the network due to route flapping. 

D. The tunnel mode and tunnel IP address are misconfigured. 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


33 














Pass Leader 

Leader of IT Certifications 


E. The tunnel destination is being routed out of the tunnel interface. 

Answer: CE 


QUESTION 84 

Refer to the exhibit. Which two statements about the VPN solution are true? (Choose two.) 




Customer B 


Customer A 


VPN 1 
Import 10:1 
Export 10:1 


VPN 2 
Import 20:1 
Export 20:1 


VPN 1 

Import 10 1,20 1 
ort 10 1 20 1 


Customer C 


A. Customer A and customer B will exchange routes with each other. 

B. R3 will advertise routes received from R1 to R2. 

C. Customer C will communicate with customer A and B. 

D. Communication between sites in VPN1 and VPN2 will be blocked. 

E. R1 and R2 will receive VPN routes advertised by R3. 

Answer: CE 


QUESTION 85 

Which three statements about IS-IS are true? (Choose three.) 

A. IS-IS can be used only in the service provider network. 

B. IS-IS can be used to route both IP and CLNP. 

C. IS-IS has three different levels of authentication: interface level, process level, and domain level. 

D. IS-IS is an IETF standard. 

E. IS-IS has the capability to provide address summarization between areas. 

Answer: BCE 
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QUESTION 86 

Which mechanism does Cisco recommend for CE router interfaces that face the service provider 
for an EVPL circuit with multiple EVCs and multiple traffic classes? 

A. HCBWFQ 

B. LLQ 

C. tail drop 

D. WRED 

Answer: A 


QUESTION 87 

Which Carrier Ethernet service supports the multiplexing of multiple point-to-point EVCs across 
as a single UNI? 

A. EPL 

B. EVPL 

C. EMS 

D. ERMS 

Answer: B 


QUESTION 88 

Refer to the exhibit. Which two statements about the EEM applet configuration are true? (Choose 
two.) 


event manager applet LARGECONFIG 

event cli pattern "shov running-config” sync yes 

action 1.0 puts "Warning 1 This device has a VERY LAP.GE configuration 
and may take some time to process" 
action 1.1 puts nonevline "Do you wish to continue [Y/N]" 
action 1.2 gets response 
action 1.3 string toupper ’’^response" 
action 1.4 string match "$_string_result" " 7 " 
action 2.0 if $_string_result eq 1 
action 2.1 cli command "enable” 
action 2.2 cli command "shov running-config" 
action 2.3 puts $_cli_result 
action 2.4 cli command "exit” 
action 2.9 end 


A. The EEM applet runs before the CLI command is executed. 

B. The EEM applet runs after the CLI command is executed. 

C. The EEM applet requires a case-insensitive response. 

D. The running configuration is displayed only if the letter Y is entered at the CLI. 

Answer: AD 
Explanation: 

sync 
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Indicates whether the policy should be executed synchronously before the CLI command 
executes. 

If the yes keyword is specified, the policy will run synchronously with the CLI command. 

If the no keyword is specified, the policy will run asynchronously with the CLI command, 
nocase 

(Optional) Specifies case insensitive comparison. 

Here we see that the sync knob was enabled so A is correct. However, C is not correct as the 
nocase argument was not used, so the applet is configured to display the config only if a capital Y 
is issued. 

http://www.cisco.eom/c/en/us/td/docs/ios-xml/ios/eem/command/eem-crbook/eem-cr-a2.html 


QUESTION 89 

Which technology can be used to prevent flooding of IPv6 multicast traffic on a switch? 

A. IGMP snooping 

B. IGMP filtering 

C. MLD snooping 

D. MLD filtering 

Answer: C 


QUESTION 90 

Which variable in an EEM applet is set when you use the sync yes option? 

A. $_cli_result 

B. $_result 

C. $_string_result 

D. $_exit_status 

Answer: D 


QUESTION 91 

Refer to the exhibit. Which two statements about the output are true? (Choose two.) 
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Flow export v5 is enabled for main cache 
Export source and destination details : 
VRF ID : Default 

Destination(1) 10.5.206.250 <5995) 

Version 5 flow records 
Cache for prefix aggregation: 

Flow export is disabled 
53 flows exported in 18 udp datagrams 


0 flows failed due to 
0 export packets were 
0 export packets were 
0 export packets were 
0 export packets were 
0 export packets were 
0 export packets were 
0 export packets were 
0 export packets were 


lack of export packet 

sent up to process level 

dropped due to no fib 

dropped due to adjacency issues 

dropped due to fragmentation failures 

dropped due to encapsulation fixup failures 

dropped enqueuing for the RP 

dropped due to IPC rate limiting 

dropped due to Card not being able to export 


A. It indicates that prefix aggregation cache export is enabled on the device. 

B. It was obtained with the show ip cache flow command. 

C. It indicates that the device is using NetFlow version 5. 

D. It indicates that the flows are being sent to a destination using an RFC1918 address. 

Answer: CD 
Explanation: 

C. The fourth line shows that Version 5 is being used. 

D. The third line shows that the destination server is 10.5.206.250, which of course is a private, 
RFC 1918 address. 


QUESTION 92 

Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two.) 

A. NetFlow version 9 adds support for IPv6 headers. 

B. NetFlow version 9 adds support for MPLS labels. 

C. NetFlow version 9 adds support for the Type of Service field. 

D. NetFlow version 9 adds support for ICMP types and codes. 

Answer: AB 


QUESTION 93 

Which statement describes the function of the tracking object created by the track 10 ip route 
192.168.99.0/24 reachability command? 

A. It tracks the reachability of route 192.168.99.0/24. 

B. It tracks the line protocol status of the interface on which route 192.168.99.0/24 is received. 

C. It tracks exactly 10 occurrences of route 192.168.99.0/24. 

D. It tracks the summary route 192.168.99.0/24 and all routes contained within. 

Answer: A 
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QUESTION 94 

Refer to the exhibit. Which VLANs are permitted to send frames out port FastEthernetO/1 ? 


Switchgshow interfaces fastEthernetO/1 svitchport 

Name: FaO/1 

Svitchport: Enabled 

Administrative Mode: trunk 

Operational Mode: trunk 

Administrative Trunking Encapsulation: dotlq 
Operational Trunking Encapsulation: dotlq 
Negotiation of Trunking: On 
Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 3 (VLAN0003) 

Administrative Native VLAN tagging: enabled 
Voice VLAN: none 

Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none 
Administrative private-vlan trunk Native VLAN tagging: enabled 
Administrative private-vlan trunk encapsulation: dotlq 
Administrative private-vlan trunk normal VLANs: none 
Administrative private-vlan trunk private VLANs: none 
Operational private-vlan: none 
Trunking VLANs Enabled: 4-100 
Pruning VLANs Enabled: 100-200 
Capture Mode Disabled 
Capture VLANs Allowed: ALL 

Protected: false 

Unknown unicast blocked: disabled 
Unknown multicast blocked: disabled 
Appliance trust: none 


A. 100 -200 

B. 4-100 

C. 1 and 4- 100 

D. 3 and 4- 100 

Answer: D 


QUESTION 95 

Which option is the default maximum age of the MAC address table? 

A. 300 seconds 

B. 500 seconds 

C. 1200 seconds 

D. 3600 seconds 

Answer: A 
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QUESTION 96 

Which statement about MSS is true? 

A. It is negotiated between sender and receiver. 

B. It is sent in all TCP packets. 

C. It is 20 bytes lower than MTU by default. 

D. It is sent in SYN packets. 

E. It is 28 bytes lower than MTU by default. 

Answer: D 


QUESTION 97 

Which two methods change the IP MTU value for an interface? (Choose two.) 

A. Configure the default MTU. 

B. Configure the IP system MTU. 

C. Configure the interface MTU. 

D. Configure the interface IP MTU. 

Answer: CD 


QUESTION 98 

Which implementation can cause packet loss when the network includes asymmetric routing 
paths? 

A. the use of ECMP routing 

B. the use of penultimate hop popping 

C. the use of Unicast RPF 

D. disabling Cisco Express Forwarding 

Answer: C 


QUESTION 99 

Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization? 
(Choose two.) 

A. alternating cost links 

B. the unique-ID/universal-ID algorithm 

C. Cisco Express Forwarding antipolarization 

D. different hashing inputs at each layer of the network 

Answer: BD 


QUESTION 100 

Refer to the exhibit. What kind of load balancing is done on this router? 
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RIOlfshow ip cache flow 


Srclf 

SrcIPaddress 

Dstlf 

DstIPaddress 

Pr SrcP DstP 

Pkts 

EtO/O 

10.0.0.1 

Etl/0* 

14.0.0.2 

01 0000 0800 

34 

EtO/O 

10.0.0.1 

Etl/0 

Cl 

o 

o 

i—l 

01 0000 0800 

100 

EtO/O 

10.0.0.1 

Se3/0* 

14.0.0.2 

01 0000 0800 

33 

EtO/O 

i— 1 

o 

o 

o 

!-> 

Se2/0* 

14.0.0.2 

01 0000 0800 

33 

EtO/O 

10.0.0.1 

Null 

224.0.0.5 

59 0000 0000 

26 


A. per-packet load balancing 

B. per-flow load balancing 

C. per-label load balancing 

D. star round-robin load balancing 

Answer: A 


QUESTION 101 

Which authentication method does OSPFv3 use to secure communication between neighbors? 

A. plaintext 

B. MD5HMAC 

C. PKI 

D. IPSec 

Answer: D 


QUESTION 102 

Which three statements are true about OSPFv3? (Choose three.) 

A. The only method to enable OSPFv3 on an interface is via the interface configuration mode. 

B. Multiple instances of OSPFv3 can be enabled on a single link. 

C. There are two methods to enable OSPFv3 on an interface, either via the interface configuration 
mode or via the router configuration mode. 

D. For OSPFv3 to function, IPv6 unicast routing must be enabled. 

E. For OSPFv3 to function, IPv6 must be enabled on the interface. 

F. Only one instance of OSPFv3 can be enabled on a single link. 

Answer: BDE 


QUESTION 103 

Refer to the exhibit. Which statement is true? 
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P#show mpl 

s forwarding 

-table 




Local 

Outgoing 

Prefix 

Bytes Label 

Outgoing 

Next Hop 

Label 

Label 

or Tunnel Id 

Switched 

interface 


19 

21 

[mdt 1C00:2C00 

0] \ 






33516 

Et2/0 

10.1.2.2 


19 

[mdt 1000:2000 

0J \ 






912 

Etl/0 

10.1.1.1 

20 

24 

[mdt 1000:2000 

0] \ 






1932 

Et3/0 

10.1.3.3 


21 

[mdt 1000:2000 

0] \ 






1932 

Et2/0 

10.1.2.2 

23 

24 

[mdt 1000:2000 

0] \ 






3394C 

Et3/0 

10.1.3.3 


19 

[mdt 1000:2000 

0] \ 






912 

Etl/0 

10.1.1.1 


A. This is an MPLS TE point-to-multipoint LSP in an MPLS network. 

B. This is an MPLS TE multipoint-to-point LSP in an MPLS network. 

C. This is a point-to-multipoint LSP in an MPLS network. 

D. This is a multipoint-to-multipoint LSP in an MPLS network. 

Answer: D 


QUESTION 104 

Which statement about OSPF multiaccess segments is true? 

A. The designated router is elected first. 

B. The designated and backup designated routers are elected at the same time. 

C. The router that sent the first hello message is elected first. 

D. The backup designated router is elected first. 

Answer: D 


QUESTION 105 

Refer to the exhibit. Which statement is true? 
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Rl#show mpls 12transport vc 100 detail 

Local interface: Fa2/6 up, line protocol up, Ethernet up 
Destination address: 2.2.2.3, VC ID: 100, VC status: up 
Preferred path: Tunnell, active 
Default path: ready 

Tunnel label: 12307, next hop point2point 
Output interface: Tul, imposed label stack {12307 20} 
Create time: 00:00:11, last status change time: 00:00:11 
Signaling protocol: LDP, peer 2.2.2.3:0 up 
MPLS VC labels: local 21, remote 20 
Group ID: local 0, remote 2 
MTU: local 1500, remote 1500 
Remote interface description: 

Sequencing: receive disabled, send disabled 
VC statistics: 

packet totals: receive 1, send 6 
byte totals: receive 368, send 0 

packet drops: receive 0, send 0 


A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20. 

B. The default route 0.0.0.0/0 is available in the IPv4 routing table. 

C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available. 

D. R1 has preferred-path configured for the pseudowire. 

Answer: D 


QUESTION 106 

What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 
authentication? 

A. classic router mode, interface XX, authentication mode hmac-sha-256 <password> 

B. named router mode, address-family statement, authentication mode hmac-sha-256 <password> 

C. named router mode, address-family statement, af-interface default, authentication mode hmac- sha-256 
<password> 

D. named router mode, address-family statement, authentication mode hmac-sha-256 <password> 

Answer: C 


QUESTION 107 

Refer to the exhibit. How many EIGRP routes will appear in the routing table of R2? 
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Rl: 

Interface LoopbackO 
ip address 1 .1 .1 .1 255.255.255.0 
ipv6 address 2001 :12: :1/128 
ipv6 eigrp 100 

Interface FastEthernet0/0 
ip address 10.1.12.1 

255.255.255.0 
duplex auto 
speed auto 

ipv6 address 2001:112::l/64 
ipv6 eigrp 100 

Interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

i 

ip forward-protocol nd 


no ip http server 

no ip http secure-server 

ipv6 router eigrp 100 
no shutdown 


control-plane 



R2: 

interface LoopbackO 
ip address 2.2.2.2 255.255.255.0 
ipv6 address 2001:12::2/128 
ipv6 eigrp 100 

interface FastEthernetO/0 
ip address 10.1.12.2 

255.255.255.0 
duplex auto 
speed auto 

i.pv6 address 2001 :112::2/64 
ipv6 eigrp 100 

interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

ip forward-protocol nd 


no ip http server 

no ip http secure-server 


ipv6 router eigrp 100 
shutdown 


control-plane 


A. 0 

B. 1 

C. 2 

D. 3 

Answer: A 


QUESTION 108 

For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor 
command? 

A. 6VPE 

B. MPLS Carrier's carrier 

C. inter-AS MPLS VPN option D 

D. inter-AS MPLS VPN option C 

E. Unified MPLS 

Answer: E 


QUESTION 109 

What is a reason for 6PE to use two MPLS labels in the data plane instead of one? 

A. 6PE allows penultimate hop popping and has a requirement that all P routers do not have to be 
IPv6 aware. 

B. 6PE does not allow penultimate hop popping. 

C. It allows MPLS traffic engineering to work in a 6PE network. 

D. It allows 6PE to work in an MPLS network where 6VPE is also deployed. 

Answer: A 
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QUESTION 110 

Which two configuration changes should be made on the OTP interface of an EIGRP OTP route 
reflector? (Choose two.) 

A. passive-interface 

B. no split-horizon 

C. no next-hop-self 

D. hello-interval 60, hold-time 180 

Answer: BC 

QUESTION 111 

Which statement about the function of poison reverse in EIGRP is true? 

A. It tells peers to remove paths that previously might have pointed to this router. 

B. It tells peers to remove paths to save memory and bandwidth. 

C. It provides reverse path information for multicast routing. 

D. It tells peers that a prefix is no longer reachable. 

Answer: A 


QUESTION 112 

What is the preferred method to improve neighbor loss detection in EIGRP? 

A. EIGRP natively detects neighbor down immediately, and no additional feature or configuration is required. 

B. BFD should be used on interfaces that support it for rapid neighbor loss detection. 

C. Fast hellos (subsecond) are preferred for EIGRP, so that it learns rapidly through its own mechanisms. 

D. Fast hellos (one-second hellos) are preferred for EIGRP, so that it learns rapidly through its own mechanisms. 

Answer: B 


QUESTION 113 

How does EIGRP derive the metric for manual summary routes? 

A. It uses the best composite metric of any component route in the topology table. 

B. It uses the worst composite metric of any component route in the topology table. 

C. It uses the best metric vectors of all component routes in the topology table. 

D. It uses the worst metric vectors of all component routes in the topology table. 

Answer: A 


QUESTION 114 

Refer to the exhibit. Which part of the joined group addresses list indicates that the interface has 
joined the EIGRP multicast group address? 
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R2#show ipv6 interface e0/0 
EthernetO/O is up, line protocol is up 

IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:200 
No Virtual link-local address(es): 

No global unicast address is configured 
Joined group address(es): 

FF02: : 1 
FF02::2 
FF02::A 

_ FF02::1:FFOO:200 _ 

A. FF02::1 

B. FF02::1:FF00:200 

C. FF02::A 

D. FF02::2 

Answer: C 


QUESTION 115 

Refer to the exhibit. Which two corrective actions could you take if EIGRP routes from R2 fail to 
reach R1 ? (Choose two.) 


P.l 

I 

ip vrf R2 
rcl 1:1 

i 

interface FastEthernetO/O 

ip address 152.168.0.1 255.255.255.252 

i 

router eigrp 100 
no auto-summary 
address-family ipv4 vrf R2 
network 152.168.0.0 0.0.0.255 


R2 

interface FastEthernetO/Q 

ip address 152.168.0.2 255.255.255.252 

i 

router eigrp 100 

no auto-summary 

network 152.168.0.2 0.0.0.1 


A. Configure R2 to use a VRF to send routes to R1. 

B. Configure the autonomous system in the EIGRP configuration of R1. 

C. Correct the network statement on R2. 

D. Add the interface on R1 that is connected to R2 into a VRF. 

Answer: BD 
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QUESTION 116 

EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy 
rollover from an old key to a new key. Which two statements are true regarding the usage of 
multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many 
times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: CD 


QUESTION 117 

Refer to the exhibit. Which additional configuration is necessary for R1 and R2 to become OSPF 
neighbors? 


P.l 

I 

interface FastethernetO/Q 
ip address 10.1.1.5 255.255.255.0 

I 

router ospf 1 

network 10.1.1.5 0.0.0.0 area 0 
passive-interface default 


R2 

I 

interface FastEthernetO/1 
ip address 10.1.1.6 255.255.255.0 

i 

router ospf 10 

network 10.1.1.6 0.0.0.0 area 0 


A. R1 

i 

router ospf 1 

no passive-interface Fastethernet0/0 

i 

B. R2 

i 

router ospf 10 

no network 10.1.1.6 0.0.0.0 area 0 
network 10.1.1.6 0.0.0.0 area 1 

i 

C. R1 

i 

interface FastEthernet0/0 
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ip ospf mtu-ignore 

j 

R2 

j 

interface FastEthernetO/1 
ip ospf mtu-ignore 

j 

D. R1 

I 

no router ospf 1 
router ospf 10 

network 10.1.1.5 0.0.0.0 area 0 

Answer: A 


QUESTION 118 

Consider an OSPFv3 network with four parallel links between each pair of routers. Which 
measure can you use to reduce the CPU load and at the same time keep all links available for 
ECMP? 

A. Configure some interfaces as passive interface. 

B. Configure ipv6 ospf priority 0 on some interfaces. 

C. Configure some routers with a distribute list in ingress of the OSPFv3 process. 

D. Configure ipv6 ospf database-filter all out on some interfaces. 

Answer: D 


QUESTION 119 

Refer to the exhibit. Which two statements about the device that generated the output are true? 
(Choose two.) 


Load for five secs: 12VQ%; one minute: 

4%; 

five minutes: 

5% 


Time source is NTP, 11:15:50.533 US/Ariz 

Tue 

Oct 1 

2013 



(10.10.76.151, 235.53.200.8), 7v0d/00:02 

: 55, 

flags: 

sTI 



Incoming interface: TenGigabitEthemet8/2 

, RPF nbr 70. 

165.73.188, 

RPF-MFD 

Outgoing interface list: 






GigabitEthernetl/5, Forvard/Sparse 

, 2v5d/00:0 

2:25, 

H 


GigabitEthernetl/2, Forvard/Sparse 

, 5v3d/00:0 

2:25, 

H 


GigabitEthernetl/1, Forvard/Sparse 

, 25v6d/00: 

02:49, 

H 


(10.10.76.151, 235.53.200.5), 7v0d/00:02 

: 55, 

flags: 

sTI 



Incoming interface: TenGigabitEtheme 

t8/2 

, RPF nbr 70. 

165.73.188, 

RPF-MFD 

Outgoing interface list: 






GigabitEthernetl/5, Forvard/Sparse 

, 2v5d/00:0 

2:25, 

H 



A. The SPT-bit is set. 

B. The sparse-mode flag is set. 

C. The RP-bit is set. 

D. The source-specific host report was received. 
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Answer: AD 


QUESTION 120 

A service provider is deploying L2VPN LAN services in its MPLS cloud. Which statement is true 

regarding LDP signaling and autodiscovery? 

A. LDP signaling requires that each PE is identified, and that an LDP session is active with its P neighbor 
for autodiscovery to take place. 

B. LDP signaling requires that each P is identified, and that a targeted LDP session is active for auto 
discovery to take place. 

C. LDP signaling requires that each PE is identified, and that a targeted LDP session with a BGP route 
reflector is active for autodiscovery to take place. 

D. LDP signaling requires that each PE is identified, and that a targeted LDP session is active for auto 
discovery to take place. 

Answer: D 


QUESTION 121 

Refer to the exhibit. Which three statements about the output are true? (Choose three.) 


Switch#show ip mroute 

IP Multicast Routing Table 

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, 
L - Local, P - Pruned, R - RP-bit set, F - Register flag, 

T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet, 

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, 

U - URD, I - Received Source Specific Host Report, 

Z - Multicast Tunnel, z - MDT-data group sender, 

Y - Joined MDT-data group, y - Sending to MDT-data group, 

V - RD & Vector, v - Vector 

Outgoing interface flags: H - Hardware switched, A - Assert winner 
Timers: Uptime/Expires 

Interface state: Interface, Next-Hop or VCD, State/Mode 

(*, 239.192.1.1), 00:01:43/stopped, RP 10.210.150.1, flags: SJC 
Incoming interface: Null, RPF nbr 0.0.0.0 
Outgoing interface list: 

Vlanl50, Forward/Sparse-Dense, 00:01:43/00:02:55 

(10.210.168.132, 239.192.1.1), 00:00:25/00:02:38, flags: T 
Incoming interface: Port-channell, RPF nbr 10.85.20.20 
Outgoing interface list: 

Vlanl50, Forward/Sparse-Dense, 00:00:25/00:02:34 

(*, 224.0.1.40), 00:01:57/00:02:53, RP 10.210.150.1, flags: SJCL 
Incoming interface: Null, RPF nbr 0.0.0.0 
Outgoing interface list: 

Port-channell, Forward/Sparse-Dense, 00:01:09/00:03:18 

Vlanl50, Forward/Sparse-Dense, 00:01:39/00:02:55 


A. This switch is currently receiving a multicast data stream that is being forwarded out VLAN 150. 

B. A multicast receiver has requested to join one or more of the multicast groups. 

C. Group 224.0.1.40 is a reserved address, and it should not be used for multicast user data transfer. 
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D. One or more multicast groups are operating in PIM dense mode. 

E. One or more of the multicast data streams will be forwarded out to neighbor 10.85.20.20. 

F. Group 239.192.1.1 is a reserved address, and it should not be used for multicast user data transfer. 

Answer: ABC 


QUESTION 122 

Which statement about the RPF interface in a BIDIFt-PIM network is true? 

A. In a BIDIFt-PIM network, the RPF interface is always the interface that is used to reach the PIM 
rendezvous point. 

B. In a BIDIR-PIM network, the RPF interface can be the interface that is used to reach the PIM rendezvous 
point or the interface that is used to reach the source. 

C. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the source. 

D. There is no RPF interface concept in BIDIR-PIM networks. 

Answer: A 


QUESTION 123 

Which technology is an application of MSDP, and provides load balancing and redundancy 
between the RPs? 

A. static RP 

B. PIM BSR 

C. auto RP 

D. anycast RP 

Answer: D 


QUESTION 124 

Which two statements are true about IPv6 multicast? (Choose two.) 

A. Receivers interested in IPv6 multicast traffic use IGMPv6 to signal their interest in the IPv6 multicast group. 

B. The PIM router with the lowest IPv6 address becomes the DR for the LAN. 

C. An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8. 

D. The IPv6 all-routers multicast group is FF02:0:0:0:0:0:0:2. 

Answer: CD 


QUESTION 125 

Refer to the exhibit. While configuring AAA with a local database, users can log in via Telnet, but 
receive the message "error in authentication" when they try to go into enable mode. Which action 
can solve this problem? 
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aaa new-model 

aaa authentication login default local 
username cisco privilege 15 password cisco 

User Access Verification 

Username: cisco 
Password: 

Router>en 

% Error in authentication. 

Router> 


A. Configure authorization to allow the enable command. 

B. Use aaa authentication login default enable to allow authentication when using the enable command. 

C. Verify whether an enable password has been configured. 

D. Use aaa authentication enable default enable to allow authentication when using the enable command. 

Answer: C 


QUESTION 126 

Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route 
while running OSPF between PE-CE? 

A. OSPF domain identifier 

B. OSPF route type 

C. OSPF router ID 

D. MED 

E. OSPF network type 

Answer: E 


QUESTION 127 

Which three factors does Cisco PfR use to calculate the best exit path? (Choose three.) 

A. quality of service 

B. packet size 

C. delay 

D. loss 

E. reachability 

F. administrative distance 

Answer: CDE 


QUESTION 128 

What is a reason to use DHCPv6 on a network that uses SLAAC? 
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A. to get a record of the IPs that are used by the clients 

B. to push DNS and other information to the clients 

C. no reason, because there is no need for DHCPv6 when using SLAAC 

D. because DHCPv6 can be used only in stateful mode with SLAAC to record the IPs of the clients 

E. because DHCPv6 can be used only in stateless mode with SLAAC to record the IPs of the clients 

F. because DHCPv6 is required to use first-hop security features on the switches 

Answer: B 


QUESTION 129 

Which statement is true about Fast Link Pulses in Ethernet? 

A. They are used during collision detection. 

B. They are used only if the media type is optical. 

C. They are part of UniDirectional Link Detection. 

D. They are used during autonegotiation. 

Answer: D 


QUESTION 130 

Which statement is true regarding UDLD and STP timers? 

A. The UDLD message timer should be two times the STP forward delay to prevent loops. 

B. UDLD and STP are unrelated features, and there is no relation between the timers. 

C. The timers need to be synced by using the spanning-tree udld-sync command. 

D. The timers should be set in such a way that UDLD is detected before the STP forward delay expires. 

Answer: D 


QUESTION 131 

Which switching technology can be used to solve reliability problems in a switched network? 

A. fragment-free mode 

B. cut-through mode 

C. check mode 

D. store-and-forward mode 

Answer: D 


QUESTION 132 

Refer to the exhibit. A PE router is configured with a policy map that contains the policer shown. 
The policy map is configured in the inbound direction of an interface facing a CE router. If the PE 
router receives 12Mb/s of traffic with the CoS value set to 7 on a 100-Mb/s interface from the CE 
router, what value of MPLS EXP is set when this traffic goes through the policer shown? 


police cir percent 10 conform-action proceed exceed-action set-mpls-experimental-topmost 6 
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A. 0 

B. 6 

C. 7 

D. 8 

Answer: B 


QUESTION 133 

Drag and Drop Question 


What is the correct order of the VSS initialization process? Drag the actions on the left to the correct initialization step on the right. 



bring up VSL links 


initialization step 1 



run VSLP 


initialization step 2 


preparse config 


initialization step 3 



run RRP 


initialization step 4 



continue system bootup 


initialization step 5 


interchassis SSO 


initialization step 6 


Answer: 


What is the correct order of the VSS initialization process? Drag the actions on the left to the correct initialization step on the right. 



QUESTION 134 

Drag and Drop Question 


Drag and drop the IPv6 address on the left to the correct IPv6 address type on the right. 


FF01::2 


FE80:2a5b::5 


FDF8:E5F3:83E4:FEAA::53 


2005:CA75:D095::5 


F880:E6F4:B665::44 


Link Local Unicast 


Global Unicast 


Multicast 


Unique Local Unicast 


Answer: 
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Drag and drop the IPv6 address on the left to the correct IPv6 address type on the right. 





FE80:2a5b::5 





2005:CA75:D095::5 





FF01::2 





FDF8:E5F3:83E4:FEAA::53 


F880:E6F4:B665::44 


QUESTION 135 

Drag and Drop Question 



Answer: 


Drag and drop the BGP attribute on the left to the correct category on the right. 



BGP Well-Known Mandatory Attribute 


AS_path 

Community 



Next-Hop 





BGP Well-Known Discretionary Attribute 


Local-Pref 

Aggregator 




BGP Optional Nontransitive Attribute 


Originator ID 




QUESTION 136 

Drag and Drop Question 
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Encrypts the entire session 


RADIUS 

Uses less memory and CPU on a router 




Combines authentication and authorization 






Can limit router commands based on user groups 


TACACS+ 





Answer: 



QUESTION 137 

Drag and Drop Question 

Drag and drop the events on the left to dispaly the correct sequence on the right when CoPP is 
enabled. 


Drag and drop the events on the left to display the correct sequence on the right when CoPP is enabled. 




The packet gets forwarded to the switch CPU. 


1 




A packet enters the switch that is configured with CoPP on the ingress port 


2 



The switch makes a routing or a switching decision, which determines whether or not the 
packet is destined for the control plane. 


3 




The port performs any applicable input port and QoS services. 


4 




Packets that are destined for the control plane are processed by CoPP and are dropped 
or delivered to the control plane according to each traffic class policy. Packets that have 
other destinations are forwarded normally. 


5 





Answer: 
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Drag and drop the events on the left to display the correct sequence on the right when CoPP is enabled. 




A packet enters the switch that is configured with CoPP on the ingress port. 





The port performs any applicable input port and QoS services. 





The packet gets forwarded to the switch CPU. 





The switch makes a routing or a switching decision, which determines whether or not the 
packet is destined for the control plane. 





Packets that are destined for the control plane are processed by CoPP and are dropped 
or delivered to the control plane according to each traffic class policy. Packets that have 
other destinations are forwarded normally. 


QUESTION 138 

Drag and Drop Question 


Drag and drop the QoS requirement on the left to the correct QoS technology on the right. 




Guarantees an amount of bandwidth 


Police 




Is an application classification 


CBWFQ 




Prioritizes real-time voice traffic 


Shaping 




Buffers bursting traffic 


LLQ 




Limits an amount of bandwidth 


NBAR 



Answer: 


Drag and drop the QoS requirement on the left to the correct QoS technology on the right. 





Limits an amount of bandwidth 





Guarantees an amount of bandwidth 





Buffers bursting traffic 



Prioritizes real-time voice traffic 





Is an application classification 


QUESTION 139 

Drag and Drop Question 
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Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right 




All nodes 


FF02::D 




All routers 


FF02::6 




EIGRP 


FF02::2 




PIM routers 


FF02::A 




RIP routers 


FF02::1 




OSPFv3 all DR routers 


FF02::9 





Answer: 


Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right 



PIM routers 




OSPFv3 all DR routers 




All routers 



EIGRP 



All nodes 



RIP routers 


QUESTION 140 

Refer to the exhibit. Which technology does the use of bi-directional BPDUs on all ports in the 
topology support? 



A. RSTP 

B. MST 

C. Bridge Assurance 

D. Loop Guard 

E. Root Guard 

F. UDLD 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


56 

































































































Pass Leader’ 

Leader of IT Certifications 


Answer: C 


QUESTION 141 

Which three statements are true about PPP CHAP authentication? (Choose three.) 

A. PPP encapsulation must be enabled globally. 

B. The LCP phase must be complete and in closed state. 

C. The hostname used by a router for CHAP authentication cannot be changed. 

D. PPP encapsulation must be enabled on the interface. 

E. The LCP phase must be complete and in open state. 

F. By default, the router uses its hostname to identify itself to the peer. 

Answer: DEF 


QUESTION 142 

Which two statements are true about an EPL? (Choose two.) 

A. It is a point-to-point Ethernet connection between a pair of NNIs. 

B. It allows for service multiplexing. 

C. It has a high degree of transparency. 

D. The EPL service is also referred to as E-line. 

Answer: CD 


QUESTION 143 

Which two statements describe characteristics of HDLC on Cisco routers? (Choose two.) 

A. It supports multiple Layer 3 protocols. 

B. It supports multiplexing. 

C. It supports only synchronous interfaces. 

D. It supports authentication. 

Answer: AC 


QUESTION 144 

Refer to the exhibit. What is the meaning of the asterisk (*) in the output? 
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Rllshow ip mroute 232.1.1.1 
IP Multicast Routing Table 

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, 
L - Local, P - Pruned, R - RP-bit set, F - Register flag, 

T - SPT-bit set, J - Join SPT, M - MSDP created entry, 

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, 

U - URD, I - Received Source Specific Host Report, 

Z - Multicast Tunnel, z - MDT-data group sender, 

Y - Joined MDT-data group, y - Sending to MDT-data group 
Outgoing interface flags: H - Hardware switched, A - Assert winner 
Timers: Uptime/Expires 

Interface state: Interface, Next-Hop or VCD, State/Mode 

(10.1.4.7, 232.1.1.1), 00:17:24/00:02:53, flags: sTI 
Incoming interface: Ethernetl/0, RPF nbr 10.1.5.6* 

Outgoing interface list: 

LoopbackO, Forward/Sparse, 00:14:42/00:01:21 


A. PIM neighbor 10.1.5.6 is the RPF neighbor for the group 232.1.1.1 for the shared tree. 

B. PIM neighbor 10.1.5.6 is the one that is seen as the RPF neighbor when performing the command 
show ip rpf 10.1.4.7. 

C. PIM neighbor 10.1.5.6 is the winner of an assert mechanism. 

D. The RPF neighbor 10.1.5.6 is invalid. 

Answer: C 


QUESTION 145 

Refer to the exhibit. What is the role of this multicast router? 


Router#show ip pim tunnel 

Tunnel0 

Type 

PIM Encap 

RP 

10.1.100.2* 

Source 

10.1.100.2 

Tunnel1* 

Type 

PIM Decap 

RP 

10.1.100.2* 

Source 

- 


A. a first-hop PIM router 

B. a last-hop PIM router 

C. a PIM rendezvous point 

D. a PIM inter-AS router 

Answer: C 


QUESTION 146 

Refer to the exhibit. Which option explains why the forwarding address is set to 0.0.0.0 instead of 
110 . 100 . 1 . 1 ? 
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interface EthernetO/1 
ip address 110.100.1.4 255.255.255.0 

i 

router ospf 100 
router-id 4.4.4.4 

redistribute static metric-type 1 subnets tag 704 
network 110.110.0.0 0.0.255.255 area 110 

i 

ip route 192.168.10.0 255.255.255.0 EthernetO/1 110.100.1.1 


External LSA: 

OSPF Router with ID (4.4.4.4) (Process ID 100) 

Type-5 AS External Link States 

LS age: 101 

Options: (No TOS-capability, DC, Upward) 

LS Type: AS External Link 

Link State ID: 192.168.10.0 (External Network Number ) 

Advertising Router: 4.4.4.4 

LS Seq Number: 80000084 

Checksum: 0x74E2 

Length: 36 

Network Mask: /24 

Metric Type: 1 (Comparable directly to link state metric) 
MTID: 0 
Metric: 20 

Forward Address: 0.0.0.0 
External Route Tag: 704 


A. The interface EthernetO/1 is in down state. 

B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router. 

C. The next-hop interface (EthernetO/1) is specified as part of the static route command; therefore, the 
forwarding address is always set to 0.0.0.0. 

D. OSPF is not enabled on the interface EthernetO/1. 

Answer: D 


QUESTION 147 

Refer to the exhibit. Which statement is true? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


59 















Pass Leader* 

Leader of IT Certifications 


Rl#show ipv6 route 

C 2001:DBS::/64 [0/0] 

via Ethernet0/0, directly connected 
L 2001:DBS::1/128 [0/0] 

via Ethernet0/0, receive 


A. 2001 :DB8::1/128 is a local host route, and it can be redistributed into a dynamic routing protocol. 

B. 2001 :DB8::1/128 is a local host route, and it cannot be redistributed into a dynamic routing protocol. 

C. 2001 :DB8::1/128 is a local host route that was created because ipv6 unicast-routing is not enabled 

on this router. 

D. 2001 :DB8::1/128 is a route that was put in the IPv6 routing table because one of this router's loopback 
interfaces has the IPv6 address 2001 :DB8::1/128. 

Answer: B 


QUESTION 148 

Refer to the exhibit. You have configured two routing protocols across this point-to-point link. How 
many BFD sessions will be established across this link? 


Hub2#sh ip eigrp 

i neighbors 





EIGRP-IPv4 Neighbors for AS(123) 





H Address 

Interface 


Hold Uptime 

SRTT RIO Q 

Seq 




(sec) 

(ms) Cnt 

Num 

0 192.163.0.2 

StO/3 


11 01:49:56 

1 3000 0 

1 

Hub2#sh ip ospf 

neighbor 





Neighbor ID 

Pri State 

Dead Time 

Address 

Interface 


192.163.0.2 

1 FULL/DR 

00:00:31 

192.163.0.2 

Ethernet0/3 



A. three per interface 

B. one per multicast address 

C. one per routing protocol 

D. one per interface 

Answer: D 


QUESTION 149 

What is the most efficient way to confirm whether microbursts of traffic are occurring? 

A. Monitor the output traffic rate using the show interface command. 

B. Monitor the output traffic rate using the show controllers command. 

C. Check the CPU utilization of the router. 

D. Sniff the traffic and plot the packet rate over time. 

Answer: D 


QUESTION 150 

What is a cause for unicast flooding? 
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A. Unicast flooding occurs when multicast traffic arrives on a Layer 2 switch that has directly connected 
multicast receivers. 

B. When PIM snooping is not enabled, unicast flooding occurs on the switch that interconnects the 
PIM-enabled routers. 

C. A man-in-the-middle attack can cause the ARP cache of an end host to have the wrong MAC address. 
Instead of having the MAC address of the default gateway, it has a MAC address of the man-in-the-middle. 
This causes all traffic to be unicast flooded through the man-in-the-middle, which can then sniff all packets. 

D. Forwarding table overflow prevents new MAC addresses from being learned, and packets destined to 
those MAC addresses are flooded until space becomes available in the forwarding table. 

Answer: D 


QUESTION 151 

Refer to the exhibit. All switches have default bridge priorities, and originate BPDUs with MAC 
addresses as indicated. The numbers shown are STP link metrics. Which two ports are in 
blocking state after STP converges? (Choose two.) 


Priority: 32768 
MAC Address: 
(4ac.c1c4 2b83 


Priority: 32768 
MAC Address: 
f4ac.c1c4 2t>84 


Priority: 32768 
MAC Address: 
f4ac.c1c4 2b80 




MAC Address: 
f4ac.c1 c4 2b86 


Priority: 32768 
MAC Address 
(4ac.c1c4 2b82 


Priority; 32768 
MAC Address 
f4ac.dc4.2b85 


A. the port on switch SWD that connects to switch SWE 

B. the port on switch SWF that connects to switch SWG 
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C. the port on switch SWD that connects to switch SWC 

D. the port on switch SWB that connects to switch SWD 

Answer: CD 


QUESTION 152 

Which statement is true about IGMP? 

A. Multicast sources send IGMP messages to their first-hop router, which then generates a PIM join 
message that is then sent to the RP. 

B. Multicast receivers send IGMP messages to their first-hop router, which then forwards the IGMP 
messages to the RP. 

C. IGMP messages are encapsulated in PIM register messages and sent to the RP. 

D. Multicast receivers send IGMP messages to signal their interest to receive traffic for specific 
multicast groups. 

Answer: D 


QUESTION 153 

What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec 
establishment? 

A. It does not use Diffie-Hellman for secret exchange. 

B. It does not support dead peer detection. 

C. It does not support NAT traversal. 

D. It does not hide the identity of the peer. 

Answer: D 


QUESTION 154 

What can PfR passive monitoring mode measure for TCP flows? 

A. only delay 

B. delay and packet loss 

C. delay and reachability 

D. delay, packet loss, and throughput 

E. delay, packet loss, throughput, and reachability 

Answer: E 


QUESTION 155 

Which two statements are true about an EVPL? (Choose two.) 

A. It has a high degree of transparency. 

B. It does not allow for service multiplexing. 

C. The EVPL service is also referred to as E-line. 

D. It is a point-to-point Ethernet connection between a pair of UNIs. 

Answer: CD 
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QUESTION 156 

Which two statements are true about OTV? (Choose two.) 

A. It relies on flooding to propagate MAC address reachability information. 

B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic. 

C. It can work over any transport that can forward IP packets. 

D. It supports automatic detection of multihoming. 

Answer: CD 


QUESTION 157 

Which two statements are true about RSTP? (Choose two.) 

A. By default, RTSP uses a separate TCN BPDU when interoperating with 802.1 D switches. 

B. By default, RTSP does not use a separate TCN BPDU when interoperating with 802.1 D switches. 

C. If a designated port receives an inferior BPDU, it immediately triggers a reconfiguration. 

D. By default, RTSP uses the topology change TC flag. 

E. If a port receives a superior BPDU, it immediately replies with its own information, and no reconfiguration 
is triggered. 

Answer: BD 


QUESTION 158 

Refer to the exhibit. Video Source S is sending interactive video traffic to Video Receiver R. 
Router R1 has multiple routing table entries for destination R. Which load-balancing mechanism 
on R1 can cause out-of- order video traffic to be received by destination R? 


Video 
Source S 


/ 


/ 

/ 


/ 


/ 



Receiver R 


A. per-flow load balancing on R1 for destination R 
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B. per-source-destination pair load balancing on R1 for destination R 

C. CEF load balancing on R1 for destination R 

D. per-packet load balancing on R1 for destination R 

Answer: D 


QUESTION 159 

Refer to the exhibit. Which two statements are true about the displayed STP state? (Choose two.) 


sw±tch#show sparming-tree detail 

MSTO is executing the mstp compatible Spanning Tree protocol 
Bridge Identifier has priority 32768, sysid 0, address f4ac.clc4.2b80 
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6 
Current root has priority 24576, address 0019.07aa.5ac0 
Root port is 56 (Port-channell), cost of root path is 0 
Topology change flag not set, detected flag not set 
Number of topology changes 296 last change occurred 00:01:17 ago 
from GigabitEthernetO/15 


A. The STP version configured on the switch is IEEE 802.1w. 

B. Port-channel 1 is flapping and the last flap occurred 1 minute and 17 seconds ago. 

C. The switch does not have PortFast configured on GiO/15. 

D. BPDUs with the TCN bit set are transmitted over port channel 1. 

Answer: CD 


QUESTION 160 

Which two mechanisms provide Cisco IOS XE Software with control plane and data plane 
separation? (Choose two.) 

A. Forwarding and Feature Manager 

B. Forwarding Engine Driver 

C. Forwarding Performance Management 

D. Forwarding Information Base 

Answer: AB 


QUESTION 161 

Refer to the exhibit. Which command is configured on this router? 


R2# show bgp ipv4 

unicast summary 





BGP router identifier 10.100.1.2, local AS number 2 





BGP table version 

is 1, main routing table version 1 





Neighbor V 

AS MsgRcvd MsgSent TblVer 

InQ 

OutQ 

Up/Down 

State/PfxRcd 

10.100.1.1 4 

10 0 1 

0 

0 

6d20h 

Idle (PfxCt) 
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A. bgp update-delay 60 

B. neighbor 10.100.1.1 maximum-prefix 200 

C. neighbor 10.100.1.1 maximum-path 2 

D. neighbor 10.100.1.1 ebgp-multihop 2 

Answer: B 


QUESTION 162 

What is the purpose of Route Target Constraint? 

A. to avoid using route reflectors in MPLS VPN networks 

B. to avoid using multiple route distinguishers per VPN in MPLS VPN networks 

C. to be able to implement VPLS with BGP signaling 

D. to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router 

E. to avoid BGP having to perform route refreshes 

Answer: D 


QUESTION 163 

Refer to the exhibit. Why is network 172.16.1.0/24 not installed in the routing table? 


R3#sho ip bgp 172.16.1.0 

3GP routing table entry for 172.16.1.0/24, version 5 
Paths: (1 available, no best path) 

Not advertised to any peer 
Refresh Epoch 1 
1 

192.163.1.1 (inaccessible) from 192.163.2.1 (192.168.3.1) 
Origin IGP, metric 0, localpref 100, valid, internal 
rx pathid: 0x0, tx pathid: 0 


A. There is no ARP entry for 192.168.1.1. 

B. The router cannot ping 192.168.1.1. 

C. The neighbor 192.168.1.1 just timed out and BGP will flush this prefix the next time that the BGP 
scanner runs. 

D. There is no route for 192.168.1.1 in the routing table. 

Answer: D 


QUESTION 164 

Which two statements about port ACLs are true? (Choose two.) 

A. Port ACLs are supported on physical interfaces and are configured on a Layer 2 interface on a switch. 

B. Port ALCs support both outbound and inbound traffic filtering. 

C. When it is applied to trunk ports, the port ACL filters only native VLAN traffic. 

D. When it is applied to a port with voice VLAN, the port ACL filters both voice and data VLAN traffic. 

Answer: AD 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


65 















Pass Leader’ 

Leader of IT Certifications 


QUESTION 165 

Which two statements about private VLANs are true? (Choose two.) 

A. Only one isolated VLAN can be mapped to a primary VLAN. 

B. Only one community VLAN can be mapped to a primary VLAN. 

C. Multiple isolated VLANs can be mapped to a primary VLAN. 

D. Multiple community VLANs can be mapped to a primary VLAN. 

Answer: AD 


QUESTION 166 

Refer to the exhibit. Which two statements are true? (Choose two.) 


Routing Process n ospf l n with ID 1.1.1.1 
Start time: lw5d, Time elapsed: 4dllh 
Supports only single TOS(TOSO) routes 
Supports opaque LSA 
Supports Link-local Signaling (LLS) 

Supports area transit capability 

Router is not originating router-LSAs with maximum metric 
Initial SPF schedule delay 5000 msecs 

Minimum hold time between two consecutive SPFs 10000 msecs 
Maximum wait time between two consecutive SPFs 10000 msecs 
Incremental-SPF disabled 
Minimum LSA interval 5 secs 
Minimum LSA arrival 1000 msecs 
LSA group pacing timer 240 secs 
Interface flood pacing timer 33 msecs 
Retransmission pacing timer 66 msecs 
Number of external LSA 0. Checksum Sum 0x000000 
Number of opaque AS LSA 0. Checksum Sum 0x000000 
Number of DCbitless external and opaque AS LSA 0 
Number of DoNotAge external and opaque AS LSA 0 
Number of areas in this router is 1. 1 normal 0 stub 0 nssa 
Number of areas transit capable is 0 
External flood list length 0 
IETF NSF helper support enabled 
Cisco NSF helper support enabled 
Reference bandwidth unit is 100 mbps 
Area BACKBONE(0) 

Number of interfaces in this area is 2 (1 loopback) 
Area has no authentication 

SPF algorithm last executed 00:00:11.176 ago 
SPF algorithm executed 7 times 
Area ranges are 

Number of LSA 3. Checksum Sum 0x0140E5 

Number of opaque link LSA 0. Checksum Sum 0x000000 

Number of DCbitless LSA 0 

Number of indication LSA 0 

Number of DoNotAge LSA 0 

Flood list length 0 


A. This is the output of the show ip ospf command. 
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B. This is the output of the show ip protocols command. 

C. This router is an ABR. 

D. This router is an ASBR. 

E. Authentication is not configured for the area. 

Answer: AE 


QUESTION 167 

Refer to the exhibit. Why is the prefix 1.1.1.1/32 not present in the routing table of R1? 


R'l#show ip route 1.1.1.1 
% Network not in table 

Rl#sho ip ospf database router 1.1.1.1 

OSPF Router with ID (10.10.10.10) (Process ID 1) 

Router Link States (Area 0) 

Adv Router is not-reachable 
LS age: 6 

Options: (No TOS-capability, DC) 

LS Type: Router Links 
Link State ID: 1.1.1.1 
Advertising Router: 1.1.1.1 
LS Seq Number: 80000003 
Checksum: 0x6889 
Length: 48 
Number of Links: 2 

Link connected to: a Stub Network 
(Link ID) Network/subnet number: 1.1.1.1 
(Link Data) Network Mask: 255.255.255.255 
TOS 0 Metrics: 1 

Link connected to: a Transit Network 
(Link ID) Designated Router address: 10.1.1.0 
(Link Data) Router Interface address: 10.1.1.1 
TOS 0 Metrics: 10 

Rl#sho ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

1.1.1.1 0 FULL/ - 00:00:36 10.1.1.1 Ethernet0/0 


A. There is a duplicate router ID. 

B. There is a subnet mask mismatch on Ethernet0/0. 

C. The router LSA has an invalid checksum. 

D. There is an OSPF network type mismatch that causes the advertising router to be unreachable. 

Answer: D 


QUESTION 168 

Consider a network that mixes link bandwidths from 128 kb/s to 40 Gb/s. Which value should be 
set for the OSPF reference bandwidth? 

A. Set a value of 128. 
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B. Set a value of 40000. 

C. Set a manual OSPF cost on each interface. 

D. Use the default value. 

E. Set a value of 40000000. 

F. Set a value of 65535. 

Answer: C 


QUESTION 169 

Which statement about a type 4 LSA in OSPF is true? 

A. It is an LSA that is originated by an ABR, that is flooded throughout the AS, and that describes a 
route to the ASBR. 

B. It is an LSA that is originated by an ASBR, that is flooded throughout the AS, and that describes a 
route to the ASBR. 

C. It is an LSA that is originated by an ASBR, that is flooded throughout the area, and that describes a 
route to the ASBR. 

D. It is an LSA that is originated by an ABR, that is flooded throughout the AS, and that describes a 
route to the ABR. 

E. It is an LSA that is originated by an ABR, that is flooded throughout the area, and that describes a 
route to the ASBR. 

Answer: E 


QUESTION 170 

Refer to the exhibit. What is the PHB class on this flow? 


R101#show ip 

Srclf 

cache verbose 

flow 




SrcIPaddress 

Dstlf 


DstIPaddress 

Pr TOS Figs Pkts 

Port Msk AS 


Port Msk 

AS 

NextHop 

B/Pk Active 

Et0/0 

10.0.0.1 

Etl/0* 


14.0.0.2 

01 80 10 1 

0000 /0 0 


0800 /0 

0 

o 

o 

o 

o 

100 0.0 


A. EF 

B. none 

C. AF21 

D. CS4 

Answer: D 


QUESTION 171 

Drag and Drop Question 
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QUESTION 172 

Drag and Drop Question 



Answer: 
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QUESTION 173 

Refer to the exhibit. If you change the Spanning Tree Protocol from pvst to rapid-pvst, what is the 
effect on the interface FaO/1 port state? 


Switch#show spanning-tree 
VLAN0001 

Spanning tree enabled protocol leee 

Root ID Priority 32169 
Address 001a.6d4b.c5Q0 

This bridge is the root 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32765 (priority 32768 sys-id-ext 1) 
Address 001a.6d4b.c500 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 15 

Interface Role Sts Cost Prio.Nbr Type 


Fa0/1 Desg FVD 15 128.1 P2p 


A. It transitions to the listening state, and then the forwarding state. 

B. It transitions to the learning state and then the forwarding state. 

C. It transitions to the blocking state, then the learning state, and then the forwarding state. 

D. It transitions to the blocking state and then the forwarding state. 

Answer: C 


QUESTION 174 

Refer to the exhibit. Which configuration is missing that would enable SSH access on a router 
that is running Cisco IOS XE Software? 
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interface GigabitEthernetO/O/O 
ip address 192.168.1.1 255.255.255.0 

i 

ip ssh version 2 

ip access-list extended protect-ssh 
permit ip any any eq 22 

I 

line vty 0 4 

access-class protect-ssh in 
transport input ssh 


A. int Gig 0 / 0/0 
management-interface 

B. class-map ssh-class 

match access-group protect-ssh 
policy-map control-plane-in 
class ssh-class 

police 80000 conform transmit exceed drop 
control-plane 

service-policy input control-plane-in 

C. control-plane host 

management-interface GigabitEthernet 0 / 0/0 allow ssh 

D. interface Gig 0 / 0/0 

ip access-group protect-ssh in 

Answer: C 


QUESTION 175 

Which two options are causes of out-of-order packets? (Choose two.) 

A. a routing loop 

B. a router in the packet flow path that is intermittently dropping packets 

C. high latency 

D. packets in a flow traversing multiple paths through the network 

E. some packets in a flow being process-switched and others being interrupt-switched on a transit router 

Answer: DE 


QUESTION 176 

A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but 
attempts to transmit larger amounts of data hang and then time out. What is the cause of this 
problem? 

A. A link is flapping between two intermediate devices. 

B. The processor of an intermediate router is averaging 90 percent utilization. 

C. A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port 
that has a sniffer attached. 
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D. There is a PMTUD failure in the network path. 

Answer: D 


QUESTION 177 

Refer to the exhibit. ICMP Echo requests from host A are not reaching the intended destination 
on host B. What is the problem? 

Internet Protocol Version 4, Src: 10.149.4.110 (10.149.4.110), Dst: 192.168.3.1 (192.168.3.1) 

Version: 4 

Header length: 20 bytes 

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 
Total Length: 60 
Identification: 0x64ac (25772) 

Flags: 0x00 
Fragment offset: 0 
Time to live: 1 
Protocol: ICMP (1) 

Header checksum: 0x3269 [correct] 

Source: 10.149.4.110 (10.149.4.110) 

Destination: 192.168.3.1 (192.168.3.1) 

Internet Control Message Protocol 
Type: 8 (Echo (ping) request) 

Code: 0 

Checksum: 0x4d3d [correct] 

Identifier (3E): 1 (0x0001) 

Identifier (LE): 256 (0x0100) 

Sequence number (BE): 30 (OxOOle) 

Sequence number (LE): 7680 (OxleOO) 

Data (32 bytes) 

0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop 

0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi 

Data: 616263646S666768696a6b6c6d6e6f707172737475767761... 

[Length: 32] 


A. The ICMP payload is malformed. 

B. The ICMP Identifier (BE) is invalid. 

C. The negotiation of the connection failed. 

D. The packet is dropped at the next hop. 

E. The link is congested. 

Answer: D 


QUESTION 178 

Refer to the exhibit. Which statement is true? 


R101#show 
[...] 

Srclf 

ip cache flow 







SrcIPaddress 

Dstlf 

DstIPaddress 

Pr 

SrcP 

DstP 

Pkts 

EtO/O 

10.0.0.1 

EtO/O 

15.0.0.2 

01 

0000 

0800 

2603 


A. It is impossible for the destination interface to equal the source interface. 

B. NAT on a stick is performed on interface EtO/O. 

C. There is a potential routing loop. 

D. This output represents a UDP flow or a TCP flow. 

Answer: C 


QUESTION 179 

Which three conditions can cause excessive unicast flooding? (Choose three.) 
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A. Asymmetric routing 

B. Repeated TCNs 

C. The use of HSRP 

D. Frames sent to FFFF.FFFF.FFFF 

E. MAC forwarding table overflow 

F. The use of Unicast Reverse Path Forwarding 

Answer: ABE 


QUESTION 180 

Drag and Drop Question 


Drag and drop the multicast protocol or feature on the left to the correct address space on the right. 


Auto-RP announcement 


224.0.0.13 


PIMv2 


232.0.0.0/8 




GLBP 


224.0.1.40 


Auto-RP discovery 


224.0.0.102 




Source Specific Multicast (SSM) 


224.0.1.39 


Answer: 


Drag and drop the multicast protocol or feature on the left to the correct address space on the right. 



QUESTION 181 

Drag and Drop Question 

Drag and drop the router preference on the left to the correct routing sequence (from most 
preferred to least preferred) on the right. 


Drag and drop the router preference on the left to the correct routing sequence (from most preferred to least preferred) on the right 




EBGP route 


1 




Static route 


2 




Most specific prefix 


3 




Directly connected route 


4 



Answer: 
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Drag and drop the router preference on the left to the correct routing sequence (from most preferred to least preferred) on the right. 


Most specific prefix 


Directly connected route 


Static route 


EBGP route 


QUESTION 182 

Which congestion-avoidance or congestion-management technique can cause global 
synchronization? 

A. Tail drop 

B. Random early detection 

C. Weighted random early detection 

D. Weighted fair queuing 

Answer: A 


QUESTION 183 

Which group of neighbors can be configured as a BGP peer group? 

A. a group of iBGP neighbors that have the same outbound route policies 

B. a group of iBGP and eBGP neighbors that have the same inbound distribute-list 

C. a group of eBGP neighbors in the same autonomous system that have different outbound route policies 

D. a group of iBGP neighbors that have different outbound route policies 

Answer: A 


QUESTION 184 

Refer to the exhibit. Notice that debug ip bgp updates has been enabled. What can you conclude 
from the debug output? 


BGP(O): 10.1.3.4 rcvd UPDATE w/ attr: nexthop 10.1.3.4, origin i, 
metric 0, merged path 4, AS_PATH 

BGP(O): 10.1.3.4 rcvd 10.100.1.1/32... duplicate ignored 


A. This is the result of the clear ip bgp 10.1.3.4 in command. 

B. This is the result of the clear ip bgp 10.1.3.4 out command. 

C. BGP neighbor 10.1.3.4 performed a graceful restart. 

D. BGP neighbor 10.1.3.4 established a new BGP session. 

Answer: A 


QUESTION 185 

In the DiffServ model, which class represents the lowest priority with the lowest drop probability? 
A. AF11 
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B. AF13 

C. AF41 

D. AF43 

Answer: A 


QUESTION 186 

Which set of commands conditionally advertises 172.16.0.0/24 as long as 10.10.10.10/32 is in the 
routing table? 


A. 


B. 


neighbor x.x.x.x advertise-map ADV exist-map EXT 
route-map ADV 

match IP address prefix-list ADV 

j 

route-map EXT 

match IP address prefix-list EXT 
ip prefix-list EXT permit 172.16.0.0/24 
ip prefix-list ADV permit 10.10.10.10/32 


neighbor x.x.x.x advertise-map ADV exist-map EXT 
route-map ADV 

match IP address prefix-list ADV 
route-map EXT 

match IP address prefix-list EXT 

I 

ip prefix-list ADV permit 172.16.0.0/24 
ip prefix-list EXT permit 10.10.10.10/32 


neighbor x.x.x.x advertise-map ADV 
noute-map ADV 

match IP address prefix-list ADV 
match IP address prefix-list EXT 

i 

ip prefix-list ADV permit 172.16.0.0/24 

j 

ip prefix-list EXT permit 10.10.10.10/32 
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neighbor x.x.x.x advertise-map ADV 
noute-map ADV 

match IP address prefix-list ADV 
match IP address prefix-list EXT 

i 

ip prefix-list ADV permit 172.16.0.0/24 

; 

ip prefix-list EXT permit 10.10.10.10/32 


Answer: B 


QUESTION 187 

Refer to the exhibit. Why is R2 unable to ping the loopback interface of R4? 


BGP AS65001 

- LoopbackO 
T 3.3.3.3/24 



R2#sh ip bgp 



BGP table version is 4, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal. 

r RIB-failure, S Stale 



Origin codes: i - IGP, e - EGP, ? ■ 

■ incomplete 

Network Next Hop 

Metric LocPrf Weight Path 

*>1.1.1.0/24 10.1.12.1 

0 

0 65105 i 

*> 2.2.2.0/24 0.0.0.0 

0 

32768 i 

*>i3.3.3.0/24 10.1.23.3 

0 

100 Oi 

* i4.4.4.0/24 10.1.34.4 

0 

100 Oi 


A. The local preference is too high. 

B. The weight is too low. 

C. The next hop is not reachable from R2. 

D. The route originated from within the same AS. 

Answer: C 


QUESTION 188 

Refer to the exhibit. Which two statements about the output are true? (Choose two.) 
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Switch# show spanning-tree vlan 1 detail 

VLAN0001 is executing the ieee compatible Spanning Tree protocol 

Bridge Identifier has priority 32768, sysid 1, address 0007.0e8f.04c0 
Configured hello time 2, max age 20, forward delay 15 
Current root has priority 8192, address 0007.4flc.e847 
Root port is 65 (GigabitEthernet2/l), cost of root path is 119 
Topology change flag not set, detected flag not set 
Number of topology changes 1 last change occurred 00:00:35 ago 
from GigabitEthernetl/1 

Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 
Timers: hello 0, topology change 0, notification 0, aging 300 


A. 802.1 D spanning tree is being used. 

B. Setting the priority of this switch to 0 for VLAN 1 would cause it to become the new root. 

C. The hello, max-age, and forward delay timers are not set to their default values. 

D. Spanning-tree PortFast is enabled on GigabitEthernetl/1. 

Answer: AB 


QUESTION 189 

Which statement about the BGP originator ID is true? 

A. The route reflector always sets the originator ID to its own router ID. 

B. The route reflector sets the originator ID to the router ID of the route reflector client that injects the route 
into the AS. 

C. The route reflector client that injects the route into the AS sets the originator ID to its own router ID. 

D. The originator ID is set to match the cluster ID. 

Answer: B 


QUESTION 190 

Refer to the exhibit. Which two statements are true? (Choose two.) 


R5#show ip bgp 




BGP table version is 24, local router 

ID is 10.100.1.5 


Status codes: s 

suppressed, d damped, 

h history, * valid, > best, i - internal. 

r 

RIB-failure, S Stale 



Origin codes: i 

- IGP, e - EGP, ? - incomplete 


Network 

Next Hop 

Metric LocPrf Weight 

Path 

*> 10.100.1.1/32 

10.1.1.1 

0 100 0 

65001 23456 2 i 

r> 10.100.1.2/32 

10.1.2.1 

0 100 0 

65001 23456 i 


A. This router is not 4-byte autonomous system aware. 

B. This router is 4-byte autonomous system aware. 

C. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, 
and this router is 4-byte autonomous system aware. 

D. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, 
and this router is not 4-byte autonomous system aware. 

E. The prefix 10.100.1.1/32 was originated from a 4-byte autonomous system. 
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Answer: AD 


QUESTION 191 

Refer to the exhibit. Spanning tree protocol is running on all three switches. The switches are 
configured so that Link A is the active link, and Link B is the standby link. There is a problem 
occurring where Switch B starts forwarding on Link B causing a routing loop. 


Switch A 

Switch B 

STP Root 


mmmr 

Link A \ 

/ Distribution layer 
Link b / 


\ / Access Layer 


Switch C 


What is the likely cause of the problem? 

A. PortFast is not enabled. 

B. There is a port duplex mismatch. 

C. MISTP is enabled without RSTP. 

D. A single instance of STP is enabled instead of PVST. 

Answer: B 


QUESTION 192 

While troubleshooting a BGP neighborship, you notice that the neighborship is constantly going 
up and down. What is causing the neighbors to flap? 

A. The traffic-shaping and rate-limiting parameters are in correct. 

B. There is a BGP timer mismatch between both neighbors. 

C. There is a routing issue between both neighbors. 

D. A firewall is blocking TCP packets with port 179. 

E. There is a mismatch on the BGP update source between both neighbors. 

F. EBGP multihop has not been configured on the neighbors. 

Answer: A 
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QUESTION 193 

Refer to the exhibit. An EBGP session is not established between Routerl and Router2. 

Router 1 


interface LoopbackO 
ip address 2.2.2.2 255.255.255.255 

i 

interface Seriall 

ip address 10.10.10.1 255.255.255.0 

; 

router bgp 300 

neighbor 1.1.1.1 remote-as 400 
neighbor 1.1.1.1 ebgp-multihop 2 
neighbor 1.1.1.1 update-source LoopbackO 

Router 2 


interface LoopbackO 
ip address 1.1.1.1 255.255.255.255 

i 

interface SerialO 

ip address 10.10.10.2 255.255.255.0 

i 

router bgp 400 

neighbor 2.2.2.2 remote-as 300 
neighbor 2.2.2.2 ebgp-multihop 2 
neighbor 2.2.2.2 update-source LoopbackO 


A. The ebgp-multihop value must be increased to 3. 

B. A static route needs to be added on Routerl and Router2. 

C. The update-source loopback 0 command needs to be removed. 

D. Use the serial interface IP addresses in the neighbor command, but leave the update source 
pointing to loopback 0. 

Answer: B 


QUESTION 194 

While troubleshooting OSPF issues on a broadcast network, the network administrator notices 
that some routers are stuck in two-way state. 

What is the cause of this issue? 

A. This is normal on OSPF broadcast network types. 

B. The network type is configured incorrectly on these routers 

C. There is an MTU mismatch between these routers and their neighbors. 

D. This only happens to routers that have their OSPF priority set to 0. 

E. Hello packets are not being received on these routers. 
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Answer: A 


QUESTION 195 

Refer to the exhibit. You want to set up an AS path filter that allows networks that originated from 
AS4, and autonomous systems that are directly attached to AS4, to enter R1. When you tested 
the filter, you noticed that something was wrong with it. 


AS3 AS4 



AS1 


R1 

ip as-path access-list 1 permit A 4 [0-9]* 

router bgp 1 

neighbor 4.4.4.4 remote-as 
neighbor 4.4.4.4 route-map 

4 

foo in 

route-map foo permit 10 
match as-path 1 



How can this be solved? 

A. Change the regular expressing to A 4_0-9*$. 

B. Change the regular expression to A 4_0-9+$. 

C. Change the regular expression to A 4_0-9.*. 

D. Change the regular expression to A 4_0-9.$. 

Answer: A 
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QUESTION 196 

Refer to the exhibit. While troubleshooting performance issues on your network, you notice that 
CPU utilization on your Layer 3 Internet switch is very high. 

What can be done to solve this issue? 


hostname SW1 

i 

ip subnet-zero 
| 

ip routing 

t 

spanning-tree extend system-id 

t 

interface FastEthernetO/1 
no ip address 

f 

t 

f 

interface FastEthernetO/48 
description To Internet_Router 
no switchport 

ip address 200.1.1.1 255.255.255.252 

• 

interface Vlanl 
no ip address 
shutdown 

t 

interface Vlan2 
description USER_VLAN 
ip address 10,1.2.1 255.255.255.0 

t 

interface Vlan3 
description SERVERJVLAN 
ip address 10,1,3.1 255.255.255.0 

• 

ip classless 

i 

ip route 0.0.0.0 0.0.0.0 FastEthernetO/48 

f 

line con 0 
line vty 5 15 

f 

end 


A. Use an SVI instead of a routed port to connect to the Internet router. 

B. This is a capacity issue. Replace the switch with a high-performance Layer 3 switch. 

C. Point the default static route to an IP address instead of a physical interface. 

D. Configure CoPP on the Layer 3 switch. 

Answer: C 
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QUESTION 197 

Refer to the exhibit. While troubleshooting BGP in this network, you notice that routes are 
constantly flapping on R1. 

What can be done to solve this issue? 


Lo0:10.10.10.10/32 


Lo0:20.20.20.20/32 




192.168.16.0/30 


hostname R1 
t 

interface LoopbackO 

ip address 10.10.10.10 255.255.255.255 

i 

interface Serial8/0 

ip address 192.168.16.1 255.255.255.252 

i 

router bgp 1 

bgp log-neighbor-changes 
neighbor 20.20.20.20 reroote-as 2 
neighbor 20.20.20.20 ebgp-roultihop 2 
neighbor 20.20.20.20 update-source 
LoopbackO 
{ 

ip route 20.20.20.0 255.255.255.0 
192.168.16.2 


— 

v 


hostname R2 
i 

interface LoopbackO 

ip address 20.20.20.20 255.255.255.255 

t 

interface Ethernet0/0 
ip address 172.16.1.1 255.255.255.0 


interface Serial8/0 

ip address 192.168.16.2 255.255.255.252 

t 

router bgp 2 
no synchronization 
bgp log-neighbor-changes 
network 20.20.20.20 mask 255.255.255.255 
network 172.16.1.0 mask 255.255.255.0 
neighbor 10.10.10.10 remote-as 1 
neighbor 10.10.10.10 ebgp-multihop 2 
neighbor 10.10.10.10 update-source LoopbackO 
no auto-summary 
t 

ip route 10.10.10.0 255.255.255.0 192.168.16.1 


A. Disable synchronization on R1 so that routes from R2 are installed in the routing table. 

B. Disable autosummary on R1 so that routes from R2 are installed in routing table. 

C. Increase the EBGP multihop count to 3. 

D. Replace the static route on R1 with a specific route to 20.20.20.20/32. 

Answer: D 


QUESTION 198 

While troubleshooting an OSPFv3 neighborship between two routers on a Frame Relay network, 
you notice that there is a mapping issue. 

Which mapping needs to be established for OSPFv3 to establish a neighborship on Frame 
Relay? 

A. The all routers multicast address needs to be mapped to the correct DLCI. 

B. The solicited node multicast address needs to be mapped to the correct DLCI. 

C. The neighbor's link-local address needs to be mapped to the correct DLCI. 

D. The all routers broadcast address needs to be mapped to the correct DLCI. 

Answer: C 
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QUESTION 199 

Refer to the exhibit. RIO in area 3 is not able to reach EIGRP routes that have been redistributed 
into OSPF on R7. 

Which two actions can be taken to resolve this issue, while maintaining connectivity to BGP 
routes that are redistributed on rl 1 ? (Choose two) 



A. Change area 3 from NSSA to a stub area. 

B. Change area 3 from NSSA to a totally stubby area. 

C. Change area 3 from NSSA to a normal area. 

D. Change area 3 from NSSA to an NSSA totally stub area. 

Answer: CD 


QUESTION 200 

Refer to the exhibit. A host on the Internet (150.1.1.1) must be represented to the internal network 
as a local IP address. While testing, the configuration does not seem to work. 

What is wrong? 
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ip nat inside source static 10.1.1.1 200.1.1.1 

ip nat outside source static 1C.1.1.ICO 15C.1.1.1 

j 

interface EthernetC/C 
ip address 10.1.1.10 255.255.255.0 
ip nat inside 

i 

interface SerialO/C 
ip address 120.16.2.1 255.255.255.0 
ip nat outside 

j 

ip route 10.1.1.10C 255.255.255.255 120.16.2.2 


A. The nat inside translation is incorrect. 

B. The static route is incorrect. 

C. The nat outside translation is incorrect. 

D. Instead of source nat, destination nat should be used on the inside. 

E. The problem is not related to NAT configuration. The NAT configuration is correct. 

Answer: C 


QUESTION 201 

Refer to the exhibit. A network engineer is trying to configure a router as a zone-based firewall 
and needs to allow DHCP traffic to and from the router on the outside interface. After applying the 
configuration to the router, he notices that his configuration is not working. 

What is wrong with the configuration? 
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access-list extended 111 
10 permit udp any any eq 68 

access-list extended 112 
10 permit udp any any eq 67 

class-map type inspect match-any self-to-out 
match access-group 111 

class-map type inspect match-any out-to-self 
match access-group 112 

zone security outside 
zone security inside 

interface Ethernet0/1 
zone-member security outside 
interface Ethernet0/2 
zone-member security inside 

policy-map type inspect out-to-self 
class type inspect out-to-self 
pass 

class class-default 
drop 

policy-map type inspect self-to-out 
class type inspect self-to-out 
pass 

class class-default 
drop 

zone-pair security out-to-self source outside destination self 
zone-pair security self-to-out source self destination outside 


A. The UDP ports in access list 111 and access list 112 are incorrect. 

B. The wrong action has been configured on the policy map. 

C. The zone pair configuration is incorrect. 

D. The inside and outside references are incorrect. 

Answer: A 


QUESTION 202 

Refer to the exhibit. The multicast sender and both multicast receivers are in the same VLAN. 
Multicast receiver 1 can receive the multicast stream from the multicast sender, but multicast 
receiver 2 cannot receive this stream. While troubleshooting IGMP, it is noticed that the IGMP 
report from receiver 2 is received by switch 2 but not by switch 1. 

Which action will solve this issue? 
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A. Enable PIM on the SVI of the VLAN on switch DSW1 or switch DSW2. 

B. Add a straight connection between switch SW1 and switch SW2. 

C. Enable IGMPv3 membership reports on multicast receiver 2. 

D. Configure a rendezvous point on distribution switch DSW1 and distribution switch DSW2. 

Answer: A 


QUESTION 203 

Refer to the exhibit. A network engineer enables a new port channel between two switches. Both 
switches are configured for spanning-tree MST. What is causing the dispute message to appear 
on one of the switches? 


%STP-2-DISPUTE_DETECTED: Dispute detected on port port-channellOO 
on VLAN0085. 


A. The switch received an IEEE 802.1 D BPDU on that port. 

B. The BPDU that is received from the peer is inferior, with the designated role and state as learning 
or forwarding. 

C. The peer switch has been configured with a different VLAN instance mapping. 

D. The switch has received a malformed BPDU. 

Answer: B 


QUESTION 204 

Which two Cisco IOS features can be used to defend against spoofing attacks? (Choose two.) 

A. auth-proxy 

B. lock-and-key ACL 

C. IP Source Guard 

D. TCP Intercept 

E. CAR 

F. uRPF 

G. reflexive ACL 
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Answer: CF 


QUESTION 205 

For which IP SLA test type is an IP SLA responder required on the target device? 

A. Path-echo 

B. Path-jitter 

C. An IP SLA responder is not required for any of these probes. 

D. Udp-echo 

E. Tcp-connect 

F. HTTP 

Answer: C 


QUESTION 206 

Which action has the same effect as disabling spanning tree on a single switch port? 

A. Enable the PortFast feature on the interface 

B. Enable the BPDU guard feature on the interface? 

C. Enable the BPDU filter feature on the interface? 

D. Enable loop guard on the interface 

Answer: C 


QUESTION 207 

On which port type would you configure STP PortFast BPDU guard? 

A. root ports 

B. designated ports 

C. host ports 

D. alternate ports 

Answer: C 


QUESTION 208 

Refer to the exhibit. Which statement is correct? 
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Switch# show spanning-tree vlan 1 detail 

VLAN0001 is executing the ieee compatible Spanning Tree protocol 
Bridge Identifier has priority 32768, sysid 1, address 
0007.0e8f.04c0 Configured hello time 2, max age 20, forward 
delay 15 Current root has priority 8192, address 0007.4flc.e847 
Root port is 65 (GigabitEthernet2/l), cost of root path is 119 
Topology change flag not set, detected flag not set 
Number of topology changes 1 last change occurred 00:00:35 ago 
from GigabitEthernetl/1 

Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 
Timers: hello 0, topology change 0, notification 0, aging 300 

Switch# 


A. Setting the priority of this switch to 16384 for VLAN 1 would cause it to become the secondary root bridge. 

B. IEEE 802.1s spanning tree is being used. 

C. Spanning-tree PortFast should not be enabled on GigabitEthernet2/1. 

D. The spanning-tree timers are not set to their default values. 

Answer: C 


QUESTION 209 

Refer to the exhibit. EIGRP has been configured on all routers in this network. 

Which EIGRP neighbor will R5 consider as the successor for network 192.168.1.0/24? 


CM 

O 


00 

CD 


CM 

G) 



0 




Bandwidth 100 

Delay 10 Bandwidth 90 


Bandwidth 100 

Delay 10 


Delay 10 


0 





A. R3 will be the successor for 192.168.1.0/24.? 

B. R4 will be the successor for 192.168.1.0/24.? 

C. R2 will be the successor for 192.168.1.0/24.? 

D. There is not enough information to determine which neighbor will be considered as successor. 

E. R3 and R4 will both be a successor for 192.168.1.0/24. 

Answer: C 


QUESTION 210 
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Which statement is correct about IPv6 RA guard? 

A. In host mode, all RA and router redirect messages are allowed on the port. 

B. The RA guard feature is supported only in the egress direction; it is not supported in the ingress direction. 

C. The RA guard feature is not supported on auxiliary VLANs and private VLANs. 

D. The RA guard feature compares configuration information on the Layer 2 device with the information 
in the received RA frame. 

Answer: D 


QUESTION 211 

Refer to the exhibit. What is causing the error to occur on the MST switch? 


spanning-tree mst configuration 
spanning-tree mode mst 
spanning-tree mst 0 priority 61440 




MST switch 

%SPANTREE-2-PVSTStM_:-'AIL: Blocking designated port Git/1: Inconsistent 
superior PVST BPDU received on VLAN 2, claiming root 32770:002a,6a05.98c1 


A. When a PVST+ switch is connected to an MST switch, the 1ST root (MSTO) needs to be the root 
for all PVST+ spanning trees. 

B. When a PVST+ switch is connected to an MST switch, interaction between MST and PVST+ is 
not supported 

C. When a PVST+ switch is connected to an MST switch, root guard should be disabled on a 
per-port basis. 

D. When a PVST+ switch is connected to an MST switch, the PVST+ switch must be the root for 
all MST instances. 

Answer: A 


QUESTION 212 

Which two commands are required to enable multicast on a router, when it is known that the 
receivers use a specific functionality of IGMPv3? (Choose two.) 
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A. ip pim rp-address 

B. ip pim ssm 

C. ip pim sparse-mode 

D. ip pim passive 

Answer: BC 


QUESTION 213 

What are three causes for unicast flooding? (Choose three.) 

A. asymmetric routing 

B. duplex mismatch 

C. unidirectional link 

D. spanning-tree protocol topology changes 

E. forwarding table overflow 

F. hardware failure on a NIC 

G. routing loop 

Answer: ADE 


QUESTION 214 

Refer to the exhibit. Based on the configuration, what will be the final OSPFv3 neighborship state 
of R1 and R2? 



interface SerialO/C 


interface Seriai0/0 

no ip address 


no Ip address 

encapsulation fraire-relay 


encapsulation frame-relay 

ipv6 address 20C1 iCClE :1:1!!11/64 


ipvG address 2001:CC1E:1:1::12/64 

ipv6 ospf network broadcast 


ipv6 ospf network broadcast 

ipv6 ospf 1 area 0 


ipv6 ospf 1 area 0 

serial restart-delay 0 


serial restart-delay 0 

frame-relay trap 1ov6 2001 :CC*.E: 1:1: :12 101 


f rair.e-relay map ipv6 2001 :CC1E: 1:1:: 11 202 

broadcast 


broadcast 

i 

ipv6 router ospf 1 


iov6 router ospf 1 

router-id 1.1.1.1 


router-id 2.2.2.2 

mg< 


log- ad j acency-char.ge3 


A. Both routers will be stuck in init state. 

B. Both routers will be stuck in two-way state. 

C. Both routers will be stuck in exstart/exchange state. 

D. Both routers will be in full (DR or BDR) state. 
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Answer: C 


QUESTION 215 

Refer to the exhibit. R4 is configured as an OSPF stub. Which action must be taken to avoid R4 
from learning OSPF type 3 LSA inter-area routes from 209.165.202.130? 


R4#show ip route 

Gateway of last resort is 209.165.202.130 to network 0.0.0.0 

209.165.200.0/28 is subnetted, 1 subnets 
O IA 209.165.200.240 

[110/782] via 209.165.202.130, 00 :35: 27 ,FastEthernet0/0 

209.165.201.0/27 is subnetted, 1 subnets 
O IA 209.165.201.0 niO/783] via 209.165.202.130, 00:35:27, 
FastEthernet0/0 

209.165.202.0/27 is subnetted, 1 subnets 
C 209.165.202.128 is directly connected, FastEthernet0/0 

0*IA 0.0.0.0/0 [110/2] via 209.165.202.130, 00:35:27, 

FastEthernetO/0 


A. Disable sending summary LSAs by adding no-summary to the stub command on the ABR. 

B. R4 must filter the incoming OSPF updates using route maps. 

C. Disable sending summary LSAs by adding no-summary to the stub command on the ASBR. 

D. Control of inter-area route propagation is best handled with EIGRP. 

Answer: A 


QUESTION 216 

Which QoS mechanism will prevent a decrease in TCP performance? 

A. Shaper 

B. Policer 

C. WRED 

D. Rate-Limit 

E. LLQ 

F. Fair-Queue 

Answer: C 


QUESTION 217 

What needs to be enabled for Unicast RPF? 

A. BGP 

B. OSPF 

C. CEF 

D. RIP 

Answer: C 
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QUESTION 218 

Refer to the exhibit. Which interface(s) will show ip rpf 1.1.1.2 indicate as RPF interface(s)? 


Router#sh ip rente 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

ia - IS-IS inter area, * - candidate default, U - per-nser static route 

o - ODR, P - periodic downloaded static route 


Gateway of last resort is not set 


1.0.0.0/32 is subnetted, 2 subnets 
C 1.1.1.1 is directly connected, Loopback.0 

O 1.1.1.2 [110/11] via 3.3.3.2, 00:00:06, Etherniil/p 

[110/11] via 2.2.2.2, 00:00:06, Ethernet0/0 
2.0.0.0/24 is subnetted, 1 subnets 
C 2.2.2.0 is directly connected, Ethernet0/0 

3.0.0.0/24 is subnetted, 1 subnets 
C 3.3.3.0 is directly connected, Ethernetl/0 


Router#sh ip pim neighbor 
PIM Neighbor Table 

Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority, 
S - State Refresh Capable 
Neighbor Interface 

Address 

2.2.2.2 Ethernet0/0 

3.3.3.2 Ethernetl/0 


Uptime/Expires Ver DR 

Prio/Mode 

00:21:13/00:01:43 v2 1 / DR S 
00:01:04/00:01:39 v2 1 / DR S 


A. Ethernet 1/0 

B. Ethernet 0/0 

C. Both Ethernet 0/0 and Ethernet 1/0 

D. RPF will fail 

Answer: A 


QUESTION 219 

In order to maintain security, with which hop count are IPv6 neighbor discovery packets sent? 

A. 0 

B. 1 

C. 255 

D. 256 

Answer: C 


QUESTION 220 

Which command will define a VRF with name 'CCIE' in IPv6? 

A. ip vrf CCIE 

B. ipv6 vrf CCIE 

C. vrf definition CCIE 
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D. ipv6 vrf definition CCIE 

Answer: C 
Explanation: 

Vrf definition CCIE creates a multiprotocol VRF for both IPv4 and IPv6 


QUESTION 221 

Refer to the exhibit. R4 is unable to establish an EIGRP adjacency with R3, the only other router 
on the FaO/O LAN segment, although it is able to ping R3. An EIGRP debug on R4 does not 
provide any clues. What might be the cause of the problem? 


R4#show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces is 
Incoming update filter list for all interfaces is 
Default networks flagged in outgoing updates 
Default networks accepted from incoming updates 
EIGRP metric weight Kl=l, FT2=0 r K3=l , K4=0, K5=0 
EIGRP maximum hopcount 100 
EIGRP maximum metric variance 1 
Redistributing: eigrp 100 
EIGRP NSF-aware route hold timer is 240s 
Automatic network summarization is not in effec 
Maximum path: 4 
Routing for Networks: 

209.165.202.128/27 
Passive Interface(s): 

FastEthernet0/0 
Routing Information Sources: 

Gateway Distance Last Update 

Distance: internal 90 external 170 


not set 
not set 



R3#show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces not set 

Incoming update filter list for all interfaces not set 

Default networks flagged in outgoing updates 

Default networks accepted from incoming updates 

EIGRP metric weight Kl=l, K2=0, K3=l, K4=0, K5=0 

EIGRP maximum hopcount 100 

EIGRP maximum metric variance 1 

Redistributing: sftatid, eigrp 100 

EIGRP NSF-aware route hold timer is 240s 

Automatic network summarization is not in effect 

Maximum path: 4 

Routing for Networks: 

209.165.200.224/28 
209.165.202.128/28 
Routing Information Sources: 

Gateway Distance Last Update 

209.165.200.242 90 14:09:12 

Distance: internal 90 external 170 


R4#ping 209.165.202.139 

Sending 5, 100-byte ICMP Echos to 209.165.202.139, timeout is 2 seconds: 
! ! ! ! ! 


A. The passive interface has disabled the transmission of EIGRP multicast hello packets. 

B. EIGRP on R4 should be routing to network 209.165.202.128/28. 

C. The designated router/backup designated router (DR/BDR) selection requires that at least three 
routers are on a LAN. 

D. The routing metrics on R4 and R3 are different. 

Answer: A 
Explanation: 

The passive-interface command disables the transmission and receipt of EIGRP hello packets on 
an interface. Unlike IGRP or RIP, EIGRP sends hello packets in order to form and sustain 
neighbor adjacencies. Without a neighbor adjacency, EIGRP cannot exchange routes with a 
neighbor. Therefore, the passive-interface command prevents the exchange of routes on the 
interface. Although EIGRP does not send or receive routing updates on an interface configured 
with the passive-interface command, it still includes the address of the interface in routing 
updates sent out of other non-passive interfaces. 


QUESTION 222 

Refer to the exhibit. The static route to 150.189.131.6 on R3 is intended to serve as the gateway 
of last resort for the EIGRP network. However, while R3 installs the gateway of last resort, its 
EIGRP neighbor R4 does not. What might explain the problem? 
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R3#show running-config 
router eigrp 100 

network. 209.165.200.224 0.0.0.31 
network. 209.165.202.128 0.0.0.31 
no auto-summary 

; 

ip route 0.0.0.0 0.0.0.0 150.189.131.6 
R3#show ip route 

Gateway of last resort is 150.189.131.6 to network 



R4#show ip route 

Gateway of last resort is not set 

209.165.200.0/27 is subnetted, 1 subnets 
D 209.165.200.224 

[90/20514560] via 209.165.202.139, Fa0/0 
209.165.201.0/2,7 is subnetted, 1 subnets 
D 200. Q3 

f 0*90/20517120] via 209.165.202.139, Fa0/0 
(^n s ^T) 209. 165.202.0/27 is subnetted, 1 subnets 
r£ ,v 209.165.202.128 is directly connected, Fa0/0 


209.165.200.0/27 is subnetted, 1 subnets 
209.165.200.224 is directly connected, Serial0/0/0 
209.165.201.0/27 is subnetted, 1 subnets 
209.165.201.0 [90/20560] via 209.165.200.242, Ser0/0/0 
209.165.202.0/27 is subnetted, 1 subnets 
209.165.202.128 is directly connected, FastEthernet0/0 
150.189.0.0/24 is subnetted, 1 subnets 
150.189.131.0 is directly connected, FastEthernetO/1 
0.0.0.0/0 [1/0] via 150.189.131.6 


A. R3 is missing the global command ip default-network 150.189.131.6. 

B. Autosummary must be enabled on R3 in order for default-routes to be propagated. 

C. Default-networks must be configured individually on each EIGRP router. 

D. The static route on R3 must be redistributed into EIGRP. 

Answer: D 
Explanation: 

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c2d96.shtml (see 
potential problems) 


QUESTION 223 

Refer to the exhibit. Which statement would explain why R4 and R3 are unable to build an EIGRP 
adjacency? 


R4#show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces i 
Incoming update filter list for all interfaces i 
Default networks flagged in outgoing updates 
Default networks accepted from incoming updates 
EIGRP metric weight Kl=l, K2=0, K3=l, K4=0, K5=0 
EIGRP maximum hopcount 100 
EIGRP maximum metric variance 1 
Redistributing: eigrp 100 
EIGRP NSF-aware route hold timer is 240s 
Automatic network summarization is not in effect 
Maximum path: 4 
Routing for Networks: 

209.165.202.128/27 
Routing Information Sources: 

Gateway Distance Last Update 

Distance: internal 90 external 170 


not set 
not set 



R3#show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces is not set 

Incoming update filter list for all interfaces is not set 

Default networks flagged in outgoing updates 

Default networks accepted from incoming updates 

EIGRP metric weight Kl=l, K2=255, K3=l, K4=0, K5=0 

EIGRP maximum hopcount 100 

EIGRP maximum metric variance 1 

Redistributing: eigrp 100 

EIGRP NSF-aware route hold timer is 240s 

Automatic network summarization is not in effect 

Maximum path: 4 

Routing for Networks: 

209.165.200.224/28 
209.165.202.128/28 
Routing Information Sources: 

Gateway Distance Last Update 

209.165.200.242 90 00:01:26 

Distance: internal 90 external 170 


A. The network masks on R4 (209.165.202.128/27) and R3 (209.165.202.128/28) are different. 

B. The local EIGRP process on R4 and R3 are the same (but they must be unique). 

C. The routing metrics on R4 and R3 are different. 

D. R4 is not routing for the network 209.165.200.224/28. 

Answer: C 
Explanation: 

http://packetlife.net/blog/2010/aug/9/eigrp-feasible-successor-routes/ 


QUESTION 224 
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Refer to the exhibit. A tunnel is configured between R3 to R4 sourced with their loopback 
interfaces. The ip pirn sparse-dense mode command is configured on the tunnel interfaces and 
multicast-routing is enabled on R3 and R4. The IP backbone is not configured for multicast 
routing. 



The RPF check has failed toward the multicast source. 

Which two conditions could have caused the failure? (Choose two.) 

A. The route back to the RP is through a different interface than tunnel 0. 

B. The backbone devices can only route unicast traffic. 

C. The route back to the RP is through the same tunnel interface. 

D. A static route that points the RP to GigabitEthernetl/O is configured. 

Answer: AD 


QUESTION 225 

Which option is the default number of routes over which EIGRP can load balance? 

A. 1 

B. 4 

C. 8 

D. 16 

Answer: B 


QUESTION 226 

When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured 
before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: AB 
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QUESTION 227 

Which three EIGRP packet types are valid? (Choose three.) 

A. open 

B. notification 

C. keep-alive 

D. hello 

E. query 

F. reply 

Answer: DEF 


QUESTION 228 

Which term describes an EIGRP route that has feasible successors? 

A. active 

B. passive 

C. redistributed 

D. invalid 

Answer: B 


QUESTION 229 

Refer to the exhibit. If EIGRP is configured between two routers as shown in this output, which 
statement about their EIGRP relationship is true? 


Routing Protocol is "eigrp 1” 

Outgoing update filter list for all interfaces is not set 

Incoming update filter list for all interfaces is not set 

Default networks flagged in outgoing updates 

Default networks accepted from incoming updates 

EIGRP metric weight Kl-1, KIM), K3*l, K4*l, K5*0 

EIGRP maximum hopcount 100 

EIGRP maximum metric variance 1 

Redistributing: eigrp 1 

EIGRP HSF-awate route hold timer is 240s 

Automatic network summarization is not in effect 

Maximum path: 4 

Routing for Networks: 

10.1.24.0/24 

10.1.34.0/24 

Routing Information Sources: 

Gateway Distance Last Update 

10.1.24.2 90 00:00:28 

10.1.34.3 90 00:00:28 

Distance: internal 90 external 170 


A. The routers will establish an EIGRP relationship successfully. 
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B. The routers are using different authentication key-strings. 

C. The reliability metric is enabled. 

D. The delay metric is disabled. 

Answer: C 


QUESTION 230 

Which type of OSPF packet is an OSPF link state update packet? 

A. type 1 

B. type 2 

C. type 3 

D. type 4 

E. type 5 

Answer: D 


QUESTION 231 

If two OSPF type 3 prefixes have the same metric, and are within the same process, which 
prefix(es) are installed into the routing table? 

A. The route whose originator has the lower router ID. 

B. Both routes are installed. 

C. The route whose originator has the higher router ID. 

D. The first route that is learned. 

Answer: B 


QUESTION 232 

Which OSPF feature supports LSA rate limiting in milliseconds to provide faster convergence? 

A. LSA throttling 

B. incremental SPF 

C. fast hello 

D. SPF tuning 

Answer: A 


QUESTION 233 

Which two options are BGP attributes that are updated when router sends an update to its eBGP 
peer? (Choose two.) 

A. weight 

B. local preference 

C. AS_path 

D. next-hop 

Answer: CD 
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QUESTION 234 

Which BGP aggregate address configuration advertises only the aggregate address, with 
attributes inherited from the more specific routes? 

A. summary-only as-set 

B. as-set 

C. summary 

D. summary-only 

Answer: A 


QUESTION 235 

Refer to the exhibit. If ISIS is configured utilizing default metrics, what is the cost for Router 4 to 
reach the 10.2.2.0/24 network? 



A. 1 

B. 20 

C. 30 

D. 63 

Answer: C 


QUESTION 236 

Refer to the exhibit. Which three statements about this configuration are true? (Choose three.) 
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ip route vrf red 0.0.0.0 0.0.0.0 192.168.1.1 global 


A. The default route appears in the global routing table. 

B. The static route appears in the VRF red routing table. 

C. The subnet 192.168.1.0 is unique to the VRF red routing table. 

D. The static route is added to the global routing table and leaked from the VRF red. 

E. The subnet 192.168.1.0 is unique to the global routing table. 

F. 192.168.1.1 is reachable using any of the addresses on the router where the static route is configured. 

Answer: ABE 


QUESTION 237 

Refer to the exhibit. Which route type is displayed when you enter the command show ip route 
supernets-only on a device with this configuration? 


ip route 10.0.0.0 255.255.255.0 192.168.1.2 
interface loopbackO 

ip address 10.0.0.1 255.255.255.0 
router rip 

network 10.0.0.0 
router eigrp 1 

network 10.0.0.0 
router ospf 1 

network 10.0.0.0 0.0.0.255 area 0 


A. Connected 

B. OSPF 

C. RIP 

D. EIGRP 

E. An empty route set 

Answer: E 


QUESTION 238 

Which statement about passive interfaces is true? 

A. The interface with the OSPF passive interface configuration appears as a not-so-stubby network. 

B. The interface with the EIGRP passive interface configuration ignores routes after the exchange 
of hello packets. 

C. The interface with the IS-IS passive interface configuration sends the IP address of that interface 
in the link-state protocol data units. 

D. Passive interface can be configured on the interface for IS-IS. 

Answer: C 


QUESTION 239 
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Refer to the exhibit. Which two routes are included in the route update? (Choose two.) 


access-list 1 permit 10.3.5.0 0.0.3.255 
router eigrp 1 

network 10.0.0.0 
no auto-summary 
distribute-list 1 out 


A. 10.3.0.0 

B. 10.3.2.0 

C. 10.3.4.0 

D. 10.3.6.0 

Answer: CD 


QUESTION 240 

Which two statements about the metric-style wide statement as it applies to route redistribution 
are true? (Choose two.) 

A. It is used in IS-IS. 

B. It is used in OSPF. 

C. It is used in EIGRP. 

D. It is used for accepting TLV. 

E. It is used in PIM for accepting mroutes. 

F. It is used for accepting external routes. 

Answer: AD 


QUESTION 241 

You are tasked with configuring a router on an OSPF domain to import routes from an EIGRP 
domain and summarize the routes to 192.168.64.0. 

Which statement configures the summarized route and provides equal-path route redundancy? 

A. area 32 range 192.168.64.0 255.255.192.0 cost 100 

B. area 32 range 192.168.64.0 255.255.63.0 cost 100 

C. area 32 range 192.168.64.0 255.255.64.0 cost 100 

D. area 32 range 192.168.64.0 255.255.192.0 multi-path 

Answer: A 


QUESTION 242 

Packets from a router with policy-based routing configured are failing to reach the next hop. 
Which two additions can you make to the router configuration to enable the packets to flow 
correctly? (Choose two.) 

A. Enable ip proxy-arp on the exiting interface. 

B. Specify the next hop as an address. 

C. Specify the next hop as an interface. 
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D. Add a match-any permit statement to the route map. 

Answer: AB 


QUESTION 243 

Which two options are EIGRP route authentication encryption modes? (Choose two.) 

A. MD5 

B. HMAC-SHA2-256bit 

C. ESP-AES 

D. HMAC-AES 

Answer: AB 


QUESTION 244 

Which technology facilitates neighbor IP address resolution in DMVPN? 

A. CEF 

B. mGRE 

C. a dynamic routing protocol 

D. NHRP 

Answer: D 


QUESTION 245 

Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: DE 


QUESTION 246 

Refer to the exhibit. What is wrong with the configuration of this tunnel interface? 


interface tunnel 1 
tunnel source ethernet 0 
tunnel mode ipveip isatap 
ipv6 address 2001:D38::/64 eui-64 


A. ISATAP tunnels cannot use the EUI-64 address format. 

B. No tunnel destination has been specified. 

C. The tunnel source of an ISATAP tunnel must always point to a loopback interface. 

D. Router advertisements are disabled on this tunnel interface. 
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Answer: D 


QUESTION 247 

Which two statements are true about a 6to4 tunnel connecting two IPv6 islands over the IPv4 
Internet? (Choose two.) 

A. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 51. 

B. It works by appending the private IPv4 address (converted into hexadecimal format) to the 2002::/16 prefix. 

C. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 41. 

D. It works by appending the public IPv4 address (converted into hexadecimal format) to the 2002::/16 prefix. 

Answer: CD 


QUESTION 248 

Refer to the exhibit. What will be the IP MTU of tunnel 0? 


interface GigabitEthernetO/O 

ip address 10.10.10.1 255.255.255.0 

duplex auto 

speed auto 

media-type rj45 

j 

interface TunnelO 

ip address 192.168.1.1 255.255.255.252 
tunnel source GigabitEthernet0/0 
tunnel destination 192.168.1.240 


A. 1500 

B. 1524 

C. 1476 

D. 1452 

E. 1548 

Answer: C 


QUESTION 249 

On an MPLS L3VPN, which two tasks are performed by the PE router? (Choose two.) 

A. It exchanges VPNv4 routes with other PE routers. 

B. It typically exchanges iBGP routing updates with the CE device. 

C. It distributes labels and forwards labeled packets. 

D. It exchanges VPNv4 routes with CE devices. 

E. It forwards labeled packets between CE devices. 

Answer: AC 
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QUESTION 250 

Refer to the exhibit. Which statement describes what the authoritative flag indicates? 


Rlfshow ip nhrp detail 

10.1.0.2/32 via 10.1.0.2/ TunnelO created 00:06:35, expire 00:00:29 
Type: dynamic. Flags: authoritative unique registered used 
NBMA address: 192.168.2.2 

10.1.0.3/32 via 10.1.0.3, TunnelO created 00:05:28, expire 00:00:52 
Type: dynamic. Flags: authoritative unique registered used 
NBMA address: 152.168.3.3 


A. Authentication was used for the mapping. 

B. R1 learned about the NHRP mapping from a registration request. 

C. Duplicate mapping in the NHRP cache is prevented. 

D. The registration request had the same flag set. 

Answer: B 


QUESTION 251 

Refer to the exhibit. Which two statements about this configuration are true? (Choose two.) 


Fa0/0 

168 1 1/29 

1010101 LoO 



es 

10.10 10.2 LoO 


Fa0/0 

f 172 168 1 2/29 


Fa0/0 

168 14/29 


hostname Rl 

1 

crypto isakmp policy 1 

authentication pre-share 

crypto isakmp key dmvpn address 
0 . 0 . 0.0 0 . 0 . 0.0 

1 

crypto ipsec transform-set vpntrans 

ah-sha-hmac esp-aes 256 esp-sha-hmac 

! 

crypto ipsec profile DMV_PRO 
set transform-set vpntrans 

1 

<output omitted> 

i 

interface TunnelO 

ip address 192.168.1.1 255.255.255.0 
no ip redirects 
ip nhrp authentication dmvpn 
ip nhrp map multicast dynamic 
ip nhrp network-id 99 
tunnel source FastEthernet0/1 
tunnel mode gre multipoint 
tunnel protection ipsec profile 
DMV_PRO 

! 


A. Spoke devices will be dynamically added to the NHRP mappings. 

B. The next-hop server address must be configured to 172.168.1.1 on all spokes. 

C. The next-hop server address must be configured to 192.168.1.1 on all spokes. 

D. Rl will create a static mapping for each spoke. 

Answer: AC 


QUESTION 252 

Which two tunneling techniques determine the IPv4 destination address on a per-packet basis? 
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(Choose two.) 

A. 6to4 tunneling 

B. ISATAP tunneling 

C. manual tunneling 

D. GRE tunneling 

Answer: AB 


QUESTION 253 

Which two services are used to transport Layer 2 frames across a packet-switched network? 
(Choose two.) 

A. Frame Relay 

B. ATM 

C. AToM 

D. L2TPv3 

Answer: CD 


QUESTION 254 

Which two statements about the C-bit and PW type are true? (Choose two.) 

A. The C-bit is 1 byte and the PW type is 15 bytes. 

B. The PW type indicates the type of pseudowire. 

C. The C-bit is 3 bits and the PW type is 10 bits. 

D. The C-bit set to 1 indicates a control word is present. 

E. The PW type indicates the encryption type. 

Answer: BD 


QUESTION 255 

Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer: B 


QUESTION 256 

Which three statements about GET VPN are true? (Choose three.) 

A. It encrypts WAN traffic to increase data security and provide transport authentication. 

B. It provides direct communication between sites, which reduces latency and jitter. 

C. It can secure IP multicast, unicast, and broadcast group traffic. 

D. It uses a centralized key server for membership control. 
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E. It enables the router to configure tunnels. 

F. It maintains full-mesh connectivity for IP networks. 

Answer: ABD 


QUESTION 257 

Refer to the exhibit. If the traffic flowing from network 192.168.254.0 to 172.16.250.0 is 
unencrypted, which two actions must you take to enable encryption? (Choose two). 



ip access-list standard VPN 

permit ip 172.1£.0.0 0.0.255.2S5 

crypto isakmp policy 10 
encr 3des 
hash md5 

authentication pre-share 
group 2 

lifetime 86400 

crypto isakmp key 0 CISCO address 205.165.200.226 
crypto isakmp keepalive 10 2 periodic 
crypto ipsec transform-set T-SET esp-3des es-md5-hmac 
crypto map VPN-MAP 10 ipsec-isakmp 
set peer 205.165.200.226 
set transform-set TS 
match address VPN 


ip access-list extended VPN 

permit ip 172.16.0.0 0.0.2SS.2S5 

crypto isakmp policy 10 
encr 3des 
hash md5 

authentication pre-share 
group 2 

lifetime 86400 

crypto isakmp key 0 CISCO address 205.165.200.225 
crypto isakmp keepalive 10 2 periodic 
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac 
crypto map VPN-MAP 10 ipsec-isakmp 
set peer 205.165.200.225 
set transform-set TS 
match address VPN 


router eigrp 10 
no auto-summary 

network 205.165.200.224 0.0.0.31 
network 172.16.250.0 0.0.0.255 

interface GigabitEthemetO/O 
crypto map VPN-MAP 


router eigrp 10 
no auto-summary 

network 205.165.200.224 0.0.0.31 
network 152.168.254.0 0.0.0.63 

interface GigabitEthemetO/0 
crypto map VPN-MAP 


A. Configure the transform-set on R2 to match the configuration on R1. 

B. Configure the crypto map on R2 to include the correct subnet. 

C. Configure the ISAKMP policy names to match on R1 and R2. 

D. Configure the crypto map names to match on R1 and R2. 

E. Configure the Diffie-Hellman keys used in the ISAKMP policies to be different on R1 and R2. 

Answer: AB 

QUESTION 258 

Which service is disabled by the no service tcp-small-servers command? 

A. the finger service 

B. the Telnet service 

C. the Maintenance Operation Protocol service 

D. the chargen service 

Answer: D 
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QUESTION 259 

What is the ip dhcp snooping information option command used for? 

A. It displays information about the DHCP snooping table. 

B. It sends a syslog and an SNMP trap for a DHCP snooping violation. 

C. It enables the DHCP snooping host tracking feature. 

D. It enables DHCP option 82 data insertion. 

Answer: D 


QUESTION 260 

Which two statements are true about unicast RPF? (Choose two.) 

A. Unicast RPF requires CEF to be enabled. 

B. Unicast RPF strict mode works better with multihomed networks. 

C. Unicast RPF strict mode supports symmetric paths. 

D. Unicast RPF strict mode supports asymmetric paths. 

E. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance. 

Answer: AC 


QUESTION 261 

Under Cisco IOS Software, which two features are supported in RADIUS Change of Authorization 
requests? (Choose two.) 

A. session identification 

B. session reauthentication 

C. session termination 

D. host termination 

Answer: AC 


QUESTION 262 

In a PfR environment, which two statements best describe the difference between active mode 
monitoring and fast mode monitoring? (Choose two.) 

A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. 

B. Fast mode monitoring can measure bursty traffic better than active mode. 

C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics 
of the current WAN exit link. 

D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an 
alternate exit link. 

Answer: CD 


QUESTION 263 

Refer to the exhibit. Which two statements are true regarding prefix 10.1.0.0/24? (Choose two.) 
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MC#sh pfr master traffic-class 
OER Prefix Statistics: 

Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms), 

P - Percentage below threshold. Jit - Jitter (ms), 

MOS - Mean Opinion Score 

Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million), 
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable 
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all 
# - Prefix monitor mode is Special, & - Blackholed Prefix 
% - Force Next-Hop, * - Prefix is denied 


DstPrefix 

Flags 

PasSDly 

ActSDly 

Appl_ID 

PasLDly 

ActLDly 

Dscp Prot SrcPort 

State Time 

PasSUn PasLUn PasSLos 
ActSUn ActLUn ActSJit 

DstPort 

CurrBR 

PasLLos 

ActPMOS 

SrcPrefix 
CurrI/F 
EBw 

ActSLos 

Protocol 

IBw 

ActLLos 

10.1.0.0/24 

N 

N 

N 

N 

N 

N 



INPOLICY* 

@83 


10.4.5.4 

Et0/1 

U 

52 

52 

0 

0 

0 

0 

67 

7 

51 

51 

0 

0 

N 

N 

N 

N 


A. The prefix is in policy, and Cisco PfR rerouted the traffic via 10.4.5.3 Et0/1 because of an OOP event. 

B. Cisco PfR is monitoring the prefix via passive NetFlow mode only. 

C. Cisco PfR is monitoring the prefix via active, fast, or active throughput IP SLA probe mode only. 

D. The prefix is in policy, and Cisco PfR did not reroute the traffic via 10.4.5.3 Et0/1 because the traffic 
was previously in policy. 

E. Cisco PfR is monitoring the prefix via mode monitor, which provides both NetFlow and IP SLA measurements. 

Answer: DE 


QUESTION 264 

In the DiffServ model, which class represents the lowest priority with the highest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer: B 


QUESTION 265 

Which two hashing algorithms can be used when configuring SNMPv3? (Choose two.) 

A. MD5 

B. SHA-1 

C. Blowfish 

D. DES 

E. AES 

F. SSL 

Answer: AB 
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QUESTION 266 

Which two statements about the default router settings for SSH connections are true? (Choose 
two.) 

A. The default timeout value for the SSH negotiation phase is 120 seconds. 

B. Data is exchanged in clear text by default unless AAA authentication is enabled on the console. 

C. The default number of authentication retries is 3. 

D. SSH is enabled by default when you configure the username command. 

Answer: AC 


QUESTION 267 

Refer to the exhibit. Which statement about the R1 configuration is true? 


Rlfsh logging 

Syslog logging: enabled <12 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) 
No Active Message Discriminator. 

No Inactive Message Discriminator. 

Console logging: level debugging, 28 messages logged, xml disabled, filtering disabled 
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled 
Buffer logging: level debugging, 7 messages logged, xml disabled, filtering disabled 
Logging Exception size <4056 bytes) 

Count and timestamp logging messages: disabled 
Persistent logging: disabled 

No active filter modules. 

ESM: 0 messages dropped 

%SYS-5-C0NFIG_I: Configured from console by console 

Trap logging: level informational, 32 message lines logged 

Log Buffer (4056 bytes): 

%BGP-5-ADJCHANGE: neighbor 205.165.200.226 Down Interface flap 

%LINK-5-CHANGED: Interface FastEchetnetO/0, changed state to administratively down 
% LINE PROTO-5-UPDONN: Line protocol on Interface Fas tE theme t0/0, changed state to down 
%SYS-5-C0NFIG_I: Configured from console by console 


A. It supports the service timestamps log uptime command to display time stamps. 

B. The logging buffer command was used to increase the default of the buffer. 

C. The logging of warning messages is disabled. 

D. Log message sequence numbering is disabled. 

Answer: D 


QUESTION 268 

Which two statements about class maps are true? (Choose two.) 

A. As many as eight DSCP values can be included in a match dscp statement. 

B. The default parameter on a class map with more than one match command is match-any. 

C. The match class command can nest a class map within another class map. 

D. A policy map can be used to designate a protocol within a class map. 

Answer: AC 


QUESTION 269 
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Refer to the exhibit. Which statement about configuring the switch to manage traffic is true? 



A. The switchport priority extend cos command on interface FastEthernetO/O prevents traffic to and 
from the PC from taking advantage of the high-priority data queue that is assigned to the IP phone. 

B. The switchport priority extend cos command on interface FastEthernetO/O enables traffic to and 
from the PC to use the high priority data queue that is assigned to the IP phone. 

C. When the switch is configured to trust the CoS label of incoming traffic, the trusted boundary feature 
is disabled automatically. 

D. The mis qos cos override command on interface FastEthernetO/O configures the port to trust the 
CoS label of traffic to and from the PC. 

Answer: A 


QUESTION 270 

Which IP SLA operation type is enhanced by the use of the IP SLAs Responder? 

A. DNS 

B. HTTP 

C. ICMP Echo 

D. UDP Echo 

Answer: D 


QUESTION 271 

Refer to the exhibit. Router 1 and Router 2 use HSRP to provide first hop redundancy for hosts 
on the 10.1.2.0/24 network. 
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Which feature can provide additional failover coverage for the PC? 

A. Cisco Express Forwarding 

B. NetFlow 

C. Accounting 

D. Enhanced Object Tracking 

Answer: D 


QUESTION 272 

Which neighbor-discovery message type is used to verify connectivity to a neighbor when the 
link-layer address of the neighbor is known? 

A. neighbor solicitation 

B. neighbor advertisement 

C. router advertisement 

D. router solicitation 

Answer: A 


QUESTION 273 

Refer to the exhibit. Which two possible network conditions can you infer from this configuration? 
(Choose two.) 
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R2#show ntp associations 

address ref clock st when poll reach delay offset 

-10.1.1.1 0.0.0.0 16 61 64 0 0.0 0.00 

* master (synced), # master (unsynced), + selected, - candidate, 

disp 

16000. 

- configured 

R2#show ip route 1 include 10.1.1.1 

O 10.1.1.1/32 [110/11] via 10.1.12.1, 00:20:28, FastEthernet0/0.12 

R2#show run I include ntp 

ntp authentication-key 1 md5 110A1016141D 7 

ntp authenticate 

ntp trusted-key 1 

ntp clock-period 17179894 

ntp 3erver 10.1.1.1 key 1 


Rl#show ip route connected 

209.165.200.0/27 is subnetted, 1 subnets 

C 209.165.200.224 is directly connected, FastEthernet0/0.112 

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks 

C 10.1.13.0/24 is directly connected, FastEthernetO/1.13 

C 10.1.12.0/24 is directly connected, FastEthernetO/0.12 

C 10.1.1.0/24 is directly connected, LoopbackO 



A. The authentication parameters on R1 and R2 are mismatched. 

B. R1 is using the default NTP source configuration. 

C. R1 and R2 have established an NTP session. 

D. R2 is configured as the NTP master with a stratum of 7. 

Answer: AB 


QUESTION 274 

Which three message types are used for prefix delegation in DHCPv6? (Choose three.) 

A. DHCP Discover 

B. Renew 

C. Solicit 

D. DHCP Offer 

E. Advertise 

F. DHCP Ack 

Answer: BCE 


QUESTION 275 

Which two statements about static NAT are true? (Choose two.) 

A. An outside local address maps to the same outside global IP address. 

B. An inside local address maps to a different inside global IP address. 

C. An outside local address maps to a different outside global IP address. 

D. An inside local address maps to the same inside global IP address. 

Answer: AD 
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QUESTION 276 

Drag and Drop Question 


Drag and drop the IPv6 prefix on the left to the correct address type on the right 



FF00::/8 


Unique Local Unicast 



FEC0::/10 


Global Unicast 



2000:73 


Link Local Unicast 



FE80::/10 


Multicast 



FC00::/7 




FE00::/9 



Answer: 



QUESTION 277 

Drag and Drop Question 



Answer: 
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Drag and drop the BGP attribute on the left to the correct category on the right 


Community 

BGP Well-Known Mandatory Attribute 


Next-Hop 

1 1 
Atomic-Aggregate 

Aggregator 

BGP Well-Known Discretionary Attribute 


Atomic-Aggregate 

Cluster List 



Next-Hop 

BGP Optional Nontransitive Attribute 

MED 

Cluster List 


MED 


QUESTION 278 

Drag and Drop Question 

Uses UDP 

TACACS+ 



Separates authentication, authorization, and accountability 




Is proprietary to Cisco 


Encrypts only the password 

RADIUS 


Answer: 


Uses UDP 


TACACS+ 




Is proprietary to Cisco 

Separates authentication, authorization, and accountability 




Separates authentication, authorization, and accountability 

Is prophetary to Cisco 






Encrypts only the password 


RADIUS 



Uses UDP 




Encrypts only the password 



QUESTION 279 

Drag and Drop Question 


Drag and drop the protocol on the left to the corresponding administrative distance on the right 



ODR 


0 



connected 


1 



external EIGRP 


160 



static 


115 



IS-IS 


200 



iBGP 


170 
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Answer: 


Drag and drop the protocol on the left to the corresponding administrative distance on the right. 



ODR 


connected 



connected 


static 



external EIGRP 


ODR 


static 


IS-IS 



IS-tS 


iBGP 



iBGP 


external EIGRP 


QUESTION 280 

Drag and Drop Question 

Drag and drop the PPPoE packet type on the left to the corresponding description on the right. 


Drag and drop the PPPoE packet type on the left to the corresponding description on the right. 




PADR 


A packet that is sent with the destination_addr set to the broadcast address. The packet 
indicates the type of service requested 




PADT 


A packet that is sent with the destination_addr set to the unicast address of the PPPoE 
client The packet contains an offer for the client. 


PADO 


A packet that is sent from the PPPoE client with the destinab'on_addr set to the chosen 
access concentrator. 

The packet contains a session request from the client. 




PADI 


A packet that is sent as confirmation to the client. 

The packet contains the unique PPPoE session ID. 




PADS 


A packet that is sent to terminate the PPPoE session. 



Answer: 


Drag and drop the PPPoE packet type on the left to the corresponding description on the right 




PADR 


PADI 



PADT 


PADO 




PADO 

PADR 


PADI 


PADS 




PADS 

PADT 
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QUESTION 281 

Drag and Drop Question 


Drag and drop the BGP state on the left to the action that defines it on the right 



OpenConfirm 


The BGP routing process detects that a peer is trying to establish a TCP session with the 
local BGP speaker 



Idle 


The BGP routing process tries to establish a TCP session with a peer device. 



Active 


The TCP connection is established. 



Connect 


The BGP routing process waits to receive an intial keepalive message from the peer. 



Established 


The Initial BGP state 



OpenSent 


The router exchanges update messages with the peer. 


Answer: 


Drag and drop the BGP state on the left to the action that defines it on the right 


OpenConfirm 

Connect 

Idle 

Active 



Active 

OpenSent 



Connect 

OpenConfirm 



Established 

Idle 


Established 

OpenSent 


QUESTION 282 

Drag and Drop Question 

Drag and drop the extended ping command field on the left to its usage on the right. 


Drag and drop the extended ping command field on the left to its usage on the right. 



type of service 


discovenng framing issues on serial lines 



sweep range of sizes 


adjusting delay, throughput and reliability preferences for the ping 



data pattern 


configuring the IP header options of the ping 



loose, stnct, record, timestamp, verbose 


determining the minimum MTU in a path 


Answer: 
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QUESTION 283 

Drag and Drop Question 

Drag and drop the argument of the mpls ip cef load-sharing command on the left to the function it 
performs on the right. 


Drag and drop the argument of the mis ip cef load-sharing command on the left to the function it performs on the right 



simple 


configures CEF load balanang to use Layer 3 and Layer 4 information, excluding multiple 
adjacendes 



full 


configures CEF load balanang to use only 
destination Layer 4 ports 


full simple 


configures CEF load balanang to use only Layer 3 information, excluding multiple 
adjacendes 




exdude-port source 


configures CEF load balanang to use only source Layer 4 ports 



exdude-port destination 


configures CEF load balanang to use source and destination 

Layer 3 and Layer 4 information, induding multiple adjacencies 


Answer: 


Drag and drop the argument of the mis ip cef load-sharing command on the left to the fundion it performs on the right. 



simple 


full simple 




full 


exclude-port source 



full simple 


simple 



exclude-port source 


exclude-port destination 



exclude-port destination 


full 


QUESTION 284 

Drag and Drop Question 

Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description 
on the right. 
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Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right 



hard reset 


requests a complete refresh of the Adj-RIB-Out 



soft reset 


tears down the peering session and deletes prefixes from the peer 



dynamic inbound soft reset 


uses extra prefix information stored locally 



Enhanced Route Refresh 


finds route inconsistencies and synchronizes with the peer 


Answer: 


Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right. 


hard reset 

dynamic inbound soft reset 


soft reset 

hard reset 



dynamic inbound soft reset 

soft reset 


Enhanced Route Refresh 

Enhanced Route Refresh 

QUESTION 285 

Drag and Drop Question 


Drag and drop the IS-IS component on the left to the function that it performs on the right. 


attached bits 

instructs other devices to route around the sending device until its LSDB is fully 
converged 



overload bit 

discovers neighboring IS-IS systems 



TLV 

carries additional data within an IS-IS packet 



IIH 

synchronizes the LSDB within an IS-IS domain 



PNSP 

indicates to a Level 1 device that the sending device has 
reachability to other areas 


CNSP 

requests retransmission of the latest version of an LSP 


Answer: 


Drag and drop the IS-IS component on the left to the function that it performs on the right 



attached bits 


overload bit 

overload bit 


IIH 



TLV 


TLV 



IIH 


CNSP 



PNSP 


attached bits 



CNSP 


PNSP 
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QUESTION 286 

Drag and Drop Question 


Drag and drop the NHRP flag on the left to the corresponding meaning on the right 



authoritative 


NHRP Information was learned from a forwarded NHRP packet. 



implicit 


The NHRP mapping entry is active and process-switched. 



negative 


NHRP information was obtained from the next hop server that maintains the NBMA-to-IP 
mapping. 



used 


The requested NBfM mapping failed. 


Answer: 


Drag and drop the NHRP flag on the left to the corresponding meaning on the right. 


authoritative 


implicit 

implicit 


used 




negative 


authoritative 


used 


negative 


QUESTION 287 

Drag and Drop Question 


Drag and drop the RIP configuration command on the left to the function it performs on the right 




ip rip triggered 


configures the router to verify the IP address of routers that 
send updates 




output-delay 


configures the router to send information only when the 
routing database is updated 


validate-update-source 


configures the router to modify routing metrics 




offset-list 


configures the router to throttle RIP updates 


Answer: 


Drag and drop the RIP configuration command on the left to the function it performs on the right. 




ip rip triggered 


validate-update-source 





output-delay 


ip rip triggered 




validate-update-source 


offset-list 




offset-list 


output-delay 
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QUESTION 288 

Drag and Drop Question 



Answer: 



QUESTION 289 

What is Nagle's algorithm used for? 

A. To increase the latency 

B. To calculate the best path in distance vector routing protocols 

C. To calculate the best path in link state routing protocols 

D. To resolve issues caused by poorly implemented TCP flow control. 

Answer: D 


QUESTION 290 

Which statement is true regarding the UDP checksum? 
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A. It is used for congestion control. 

B. It cannot be all zeros. 

C. It is used by some Internet worms to hide their propagation. 

D. It is computed based on the IP pseudo-header. 

Answer: D 


QUESTION 291 

How many hash buckets does Cisco Express Forwarding use for load balancing? 

A. 8 

B. 16 

C. 24 

D. 32 

Answer: B 


QUESTION 292 

Which statement describes the purpose of the Payload Type field in the RTP header? 

A. It identifies the signaling protocol. 

B. It identifies the codec. 

C. It identifies the port numbers for RTP. 

D. It identifies the port numbers for RTCP. 

Answer: B 

QUESTION 293 

Which Cisco IOS XE process administers routing and forwarding? 

A. Forwarding manager 

B. Interface manager 

C. Cisco IOS 

D. Host manager 

Answer: C 


QUESTION 294 

Which circumstance can cause packet loss due to a microburst? 

A. slow convergence 

B. a blocked spanning-tree port 

C. process switching 

D. insufficient buffers 

Answer: D 


QUESTION 295 
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When you migrate a network from PVST+ to rapid-PVST+, which two features become inactive? 
(Choose two.) 

A. Root guard 

B. Loop guard 

C. UplinkFast 

D. UDLD 

E. BackboneFast 

F. Bridge Assurance 

Answer: CE 


QUESTION 296 

Which three condition types can be monitored by crypto conditional debug? (Choose three.) 

A. Peer hostname 

B. SSL 

C. ISAKMP 

D. Flow ID 

E. IPsec 

F. Connection ID 

Answer: ADF 


QUESTION 297 

Refer to the exhibit. Which two pieces of information in this Wireshark capture indicate that you 
are viewing EIGRP traffic? (Choose two.) 


Internee Protocol, Src: 192.168.0.2 (192.168.0.2), Dst: 224.0.0.10 (224.0.0.10) 
Version: 4 

Header length: 20 bytes 

Differentiated Services Field: OxcO (DSCP 0x30: Class Selector 6; ECN: 0x00) 
Total Length: 60 
Identification: 0x0000 (0) 

Flags: 0x00 
Fragment offset: 0 
Time to live: 2 
Prctccol: EIGRP (88) 

Header checksum: 0xl6f6 [correct] 

Source: 192.168.0.2 (192.168.0.2) 

Destination: 224.0.0.10 (224.0.0.10) 


A. the header length 

B. the protocol number 

C. the destination address 

D. the Class Selector 

E. the source address 

F. the header checksum 
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Answer: BC 


QUESTION 298 

Which statement is true about MLD? 

A. MLD vl gives hosts the ability to receive multicast packets from specific source addresses. 

B. All MLD messages are sent with a link-local IPv6 source address of FF02::D. 

C. The multicast address field is cleared to zero when sending an MLD report message. 

D. MLD is used by IPv6 routers to discover multicast listeners on a directly attached link. 

Answer: D 


QUESTION 299 

Which statement is true about LLDP? 

A. LLDP provides VTP support. 

B. LLDP does not use a multicast address to communicate. 

C. LLDP can indicate only the duplex setting of a link, and not the speed capabilities. 

D. LLDP does not support native VLAN indication. 

Answer: D 


QUESTION 300 

Which statement is true when using a VLAN ID from the extended VLAN range (10067094)? 

A. VLANs in the extended VLAN range can be used with VTPv2 in either client or server mode. 

B. VLANs in the extended VLAN range can only be used as private VLANs. 

C. STP is disabled by default on extended-range VLANs. 

D. VLANs in the extended VLAN range cannot be pruned. 

Answer: D 


QUESTION 301 

Which statement is true about trunking? 

A. Cisco switches that run PVST+ do not transmit BPDUs on nonnative VLANs when using a dotlq trunk. 

B. When removing VLAN 1 from a trunk, management traffic such as CDP is no longer passed in that VLAN. 

C. DTP only supports autonegotiation on 802.1q and does not support autonegotiation for ISL. 

D. DTP is a point-to-point protocol. 

Answer: D 


QUESTION 302 

Which three statements are true about an EtherChannel? (Choose three.) 

A. PAGP and LACP can be configured on the same switch if the switch is not in the same EtherChannel. 

B. EtherChannel ports in suspended state can receive BPDUs but cannot send them. 
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C. An EtherChannel forms between trunks that are using different native VLANs. 

D. LACP can operate in both half duplex and full duplex, if the duplex setting is the same on both ends. 

E. Ports with different spanning-tree path costs can form an EtherChannel. 

Answer: ABE 


QUESTION 303 

Which technology can be affected when switches are used that do not support jumbo frames? 

A. 802.lx 

B. BFD 

C. OSPFv3 

D. 802.1q 

Answer: D 


QUESTION 304 

Which statement describes the native VLAN concept in an ISL trunk? 

A. It is the VLAN ID that is assigned to untagged packets. 

B. It is the VLAN with highest priority. 

C. It is the default VLAN for a trunk. 

D. There is no native VLAN concept in an ISL trunk. 

Answer: D 


QUESTION 305 

Which protocol is the encapsulating protocol for mtrace packets? 

A. ICMP 

B. IGMP 

C. PIM 

D. GRE 

Answer: B 


QUESTION 306 

Assume that the following MAC addresses are used for the bridge ID MAC address by four 
different switches in a network. Which switch will be elected as the spanning-tree root bridge? 

A. SwitchA uses MAC 1000.AA-AA-AA-AA-AA-AA. 

B. SwitchB uses MAC 2000.BB-BB-BB-BB-BB-BB. 

C. SwitchC uses MAC 3000.CC-CC-CC-CC-CC-CC. 

D. SwitchD uses MAC 4000.DD-DD-DD-DD-DD-DD. 

Answer: A 


QUESTION 307 
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What is the destination MAC address of a BPDU frame? 

A. 01-80-C2-00-00-00 

B. 01-00-5E-00-00-00 

C. FF-FF-FF-FF-FF-FF 

D. 01-80-C6-00-00-01 

Answer: A 


QUESTION 308 

Refer to the exhibit. All switches are Cisco switches. Assume that Cisco Discovery Protocol is 
enabled only on switches A and C. 



Which information is returned when you issue the command show cdp neighbors on switch C? 

A. a limited amount of information about switch B 

B. no neighbor details will be returned 

C. neighbor details for switch B 

D. neighbor details for switch A 

E. neighbor details for switch C 

Answer: B 
Explanation: 

CDP is used to discover information on directly connected neighbors only, so in this case Switch 
C would only be able to obtain CDP information from Switch B. However, since Switch B is not 
running CDP then no neighbor information will be seen on Switch C. Same goes for Switch A also 
in this topology. 


QUESTION 309 

Which two features are supported when Cisco HDLC is implemented? (Choose two.) 

A. error recovery 

B. error detection 

C. asynchronous links 

D. multiple protocols 

Answer: BD 


QUESTION 310 

Refer to the exhibit. With these configurations for R1 and R2, which statement about PPP 
authentication is true? 
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R1 

interface SerialO/O 
encapsulation ppp 

ppp pap sent-username SITE2 password cisco 

r: 

username SITE2 password cisco 
interface SerialO/O 
encapsulation ppp 
ppp authentication pap 


A. Authentication fails because R1 is missing a username and password. 

B. R2 responds with the correct authentication credentials. 

C. R2 requires authentication from R1. 

D. R1 requires authentication from R2. 

Answer: C 


QUESTION 311 

Refer to the exhibit. You must complete the configuration on R1 so that a maximum of three links 
can be used and fragmentation is supported. 



Interface Serial 1/0 
encapsulation ppp 
ppp multilink 
ppp multilink group 15 

Interface Serial 1/1 
encapsulation ppp 
ppp multilink 
ppp multilink group 15 


Which additional configuration accomplishes this task? 

A. interface Multilinkl 9 

ip address 192.168.1.1 255.255.255.0 

ppp multilink 

ppp multilink group 19 

ppp multilink links minimum 1 

ppp multilink links maximum 3 

ppp multilink interleave 
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B. interface Multilinkl 9 

ip address 192.168.1.1 255.255.255.0 

ppp multilink 

ppp multilink group 19 

ppp multilink links maximum 3 

ppp multilink fragment delay 20 

C. interface Multilinkl 9 

ip address 192.168.1.1 255.255.255.0 

ppp multilink 

ppp multilink group 19 

ppp multilink links maximum 3 

ppp multilink fragment delay 20 

ppp multilink interleave 

D. interface Multilinkl 9 

ip address 192.168.1.1 255.255.255.252 

ppp multilink 

ppp multilink group 19 

ppp multilink links maximum 3 

ppp multilink interleave 

Answer: A 


QUESTION 312 

Refer to the exhibit. Which statement is true about the downward bit? 


Router#sh ip osp data summ 

OSPF Router with ID (100.1.1.1) (Process ID 1) 
Summary Net Link States (Area 0) 

LS age: 22 

Options: (No TOS-capability, DC, Downward) 

LS Type: Summary Links(Network) 

Link State ID: 2.2.0.0 (summary Network Number) 
Advertising Router: 2.3.4.101 
LS Seq Number: 80000001 
Checksum: 0x331€ 

Length: 28 
Network Mask: /24 

MTID: 0 Metric: 1 


A. It forces the CE router to use a backup link instead of sending traffic via MPLS VPN. 

B. It informs the PE router that the LSA metric has been recently decreased to 1 and that partial 
SPF calculation cannot be delayed. 

C. It forces the CE router to install the LSA with the downward bit set into its routing table as a 
discard route. 

D. It informs the PE router that the LSA was already redistributed into BGP by another PE router 
and that the LSA must not be redistributed into BGP again. 

Answer: D 
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QUESTION 313 

When BGP route reflectors are used, which attribute ensures that a routing loop is not created? 

A. weight 

B. local preference 

C. multiexit discriminator 

D. originator ID 

Answer: D 


QUESTION 314 

Which regular expression will match prefixes that originated from AS200? 

A. A $ 

B. A 200_ 

C. _200$ 

D. A 200) 

E. _200_ 

Answer: C 


QUESTION 315 

Which statement describes the difference between a stub area and a totally stub area? 

A. The ABR advertises a default route to a totally stub area and not to a stub area. 

B. Stub areas do not allow LSA types 4 and 5, while totally stub areas do not allow LSA types 3, 4, 
and 5. 

C. Totally stub areas allow limited external routes in the area via a special type 7 LSA, while stub 
areas do not 

D. Stub areas do not allow external LSAs, ASBR summary LSAs, or summary LSAs with the exception 
of a default route originated by the ABR via a summary LSA. 

Answer: B 


QUESTION 316 

Which two statements are true about IS-IS? (Choose two.) 

A. IS-IS DIS election is nondeterministic. 

B. IS-IS SPF calculation is performed in three phases. 

C. IS-IS works over the data link layer, which does not provide for fragmentation and reassembly. 

D. IS-IS can never be routed beyond the immediate next hop. 

Answer: CD 


QUESTION 317 

Which command do you use to connect a dense-mode domain to a sparse-mode multicast 
domain? 
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A. none, because there is no such command 

B. ip pirn spt-threshold infinity 

C. ip pirn register dense-mode 

D. ip pirn dense-mode proxy-register 

Answer: D 


QUESTION 318 

Which two statements about the function of a PIM designated router are true? (Choose two.) 

A. It forwards multicast traffic from the source into the PIM network. 

B. It registers directly connected sources to the PIM rendezvous point. 

C. It sends PIM Join/Prune messages for directly connected receivers. 

D. It sends IGMP queries. 

E. It sends PIM asserts on the interfaces of the outgoing interface list. 

Answer: BC 


QUESTION 319 

Refer to the exhibit. Which IP packets will be accepted from EBGP neighbor 10.1.1.1? 


router bgp 1 

neighbor 10.1.1.1 remote-as 2 
neighbor 10.1.1.1 ttl-security hops 2 


A. IP packets with a TTL count in the header that is equal to or greater than 253 

B. IP packets with a TTL count in the header that is equal to 253 

C. IP packets with a TTL count in the header that is equal to or greater than 2 

D. IP packets with a TTL count in the header that is equal to 2 

Answer: A 


QUESTION 320 

Which two statements about proxy ARP are true? (Choose two.) 

A. It is supported on networks without ARP. 

B. It allows machines to spoof packets. 

C. It requires larger ARP tables 

D. It reduces the amount of ARP traffic. 

Answer: BC 


QUESTION 321 

Refer to the exhibit. Routers R1 and R2 are configured as shown, and traffic from R1 fails to 
reach host 209.165.201.254. 
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router ospf 1 

router-id 10.1.1.1 

network 10.1.1.1 0.0.0.0 area 0 


1 


P.2 

J 

interface GigabitEthernet0/0 
ip address 10.1.1.2 25S.255.255.252 
1 

router ospf 1 
router-id 10.1.1.2 
network 10.1.1.2 0.0.0.0 area 0 
default-information originate 

I 

interface GigabitEthernetO/1 
description INTERNET 

ip address 205.165.202.129 255.255.255.224 

ip route 205.165.201.254 255.255.255.255 GigabitEthernetO/1 
I 


Which action can you take to correct the problem? 

A. Ensure that R2 has a default route in its routing table. 

B. Change the OSPF area type on R1 and R2. 

C. Edit the router configurations so that address 209.165.201.254 is a routable address. 

D. Remove the default-information originate command from the OSPF configuration of R2. 

Answer: A 


QUESTION 322 

Which statement about the overload bit in IS-IS is true? 

A. The IS-IS adjacencies on the links for which the overload bit is set are brought down. 

B. Routers running SPF ignore LSPs with the overload bit set and hence avoid blackholing traffic. 

C. A router setting the overload bit becomes unreachable to all other routers in the IS-IS area. 

D. The overload bit in IS-IS is used only for external prefixes. 

Answer: B 
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QUESTION 323 

Refer to the exhibit. Which statement is true? 


R2#show ip mroute 225.1.1.1 

(*, 225.1.1.1), 01:32:54/00:03:06, RP 10.100.1.2, flags: SJC 
Incoming interface: Ethernetl/0, RPF nbr 10.1.3.2 
Outgoing interface list: 

Ethernet3/0, Forward/Sparse, 01:32:54/00:03:06 

(10.1.4.7, 225.1.1.1), 01:32:54/00:01:05, flags: JT 
Incoming interface: Ethernetl/0, RPF nbr 10.1.3.2 
Outgoing interface list: 

Ethernet3/0, Forward/Sparse, 00:37:38/00:02:26, A 


A. R2 is directly connected to the receiver for this group and is the winner of an assert mechanism. 

B. R2 is directly connected to the receiver for this group, and it forwards the traffic onto Ethernet3/0, 

but it is forwarding duplicate traffic onto Ethernet3/0. 

C. R2 has the A flag (Accept flag) set on Ethernet 3/0. This is fine, since the group is in BIDIR PIM mode. 

D. R2 is directly connected to the receiver for this group and is the loser of an assert mechanism. 

E. The A flag is set until the SPT threshold is reached for this multicast group. 

Answer: A 


QUESTION 324 

Which three statements about IS-IS are true? (Choose three.) 

A. IS-IS is not encapsulated in IP. 

B. IS-IS is directly encapsulated in the data link layer. 

C. 0XFEFE is used in the Layer 2 header to identify the Layer 3 protocol. 

D. IS-IS uses protocol ID 93. 

E. IS-IS can be used to route the IPX protocol. 

F. IS-IS is an IETF standard. 

Answer: ABC 


QUESTION 325 

Refer to the exhibit. Which statement is true? 


PEllshow ip rpf 10.100.1.4 

RPF information for ? (10.100.1.4) 

RPF interface: Ethernetl/0 
RPF neighbor: ? (10.1.1.4) 

RPF route/mask: 10.100.1.4/32 
RPF type: multicast (isis) 

Doing distance-preferred lookups across tables 
RPF topology: ipv4 multicast base 
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A. The command ip multicast rpf multitopology is missing from the configuration. 

B. Multitopology routing for multicast has been enabled for IS-IS. 

C. This output is invalid. 

D. The command mpls traffic-eng multicast-intact is configured on this router. 

Answer: B 


QUESTION 326 

As a best practice, when a router is configured as an EIGRP Stub, which routes should be 
received from its distribution neighbor? 

A. the default route 

B. static routes 

C. internal routes only 

D. internal and external routes 

Answer: A 


QUESTION 327 

Which BGP feature allows BGP routing tables to be refreshed without impacting established BGP 
sessions? 

A. BGP synchronization 

B. soft reconfiguration 

C. confederations 

D. hard reset 

Answer: B 


QUESTION 328 

Which two options describe two functions of a neighbor solicitation message? (Choose two.) 

A. It requests the link-layer address of the target. 

B. It provides its own link-layer address to the target. 

C. It requests the site-local address of the target. 

D. It provides its own site-local address to the target. 

E. It requests the admin-local address of the target. 

F. It provides its own admin-local address to the target. 

Answer: AB 


QUESTION 329 

Which three options are three of the default EIGRP administrative distances? (Choose three.) 

A. Internal, 90 

B. External, 170 

C. Summary, 5 
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D. Outside Local, 100 

E. Inside Local, 180 

F. Inside Global, 1 

Answer: ABC 


QUESTION 330 

Refer to the exhibit. Which two statements about this route table are true? (Choose two.) 


O E2 172.17.108.128/25 

(110/20) via 10.169.73.12, 3d07h, Ten3igabitEthernet8/0/0 
0 E2 10.167.111.216/29 

[110/20] via 10.169.73.12, 3d07h, TenGigabicEthernetS/O/O 
O IA 10.68.2.0/31 

[110/489] via 10.169.73.12, 3d07h, TenGigabitEchernet8/0/0 
O IA 10.68.2.2/31 

[110/488] via 10.169.73.12, 3d07h, TenGigabitEthernet8/0/0 
B 10.1.50.0/24 [200/0] via 172.16.189.9, 3d07h 

B 10.1.51.0/24 [200/0] via 172.16.189.9, 3d07h 


A. The BGP routes are internal. 

B. The OSPF routes with the E2 flag retain the same metric as they leave the router. 

C. The OSPF routes with the IA flag have their administrative distances incremented as they leave the router. 

D. The BGP routes are external. 

E. The OSPF routes with the E2 flag have their metrics incremented as they leave the router. 

Answer: AB 


QUESTION 331 

Refer to the exhibit. Which two statements about this configuration are true? (Choose two.) 


interface GigabitEthernetO/1 

ip address 192.168.1.5 255.255.255.0 
prefix-list FILTER seg 5 perrux 172.16.0.0/16 
prefix-list FILTER 3eq 10 pemLt 0.0.0.0/0 
router eigrp 65000 
no auto-summary 
network 192.168.1.5 0.0.0.0 
distribute-list prefix FILTER out 


A. It allows 172.16.0.0/16 to be distributed into EIGRP. 

B. It allows a default route to be distributed into EIGRP. 

C. Hallows 172.16.0.0/16 and larger subnets to be distributed into EIGRP. 

D. It prevents 172.16.0.0/16 from being distributed into EIGRP. 

E. It prevents a default route from being distributed into EIGRP. 

F. It creates summary routes and injects them into EIGRP. 

Answer: AB 
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QUESTION 332 

Refer to the exhibit. R1 is able to reach only some of the subnets that R2 is advertising. 

Which two configuration changes can you make to ensure that R1 can reach all routes from R2? 
(Choose two.) 


R2 

interface Locpbac)c2 

ip address 172.16.2.2 255.255.255.0 
interface Loopbaclc3 

ip address 172.16.3.3 255.255.255.0 
interface Locpback4 

ip address 172.16.5.4 255.255.255.0 
interface GigabitEthernetl/O 

ip address 10.0.78.8 255.255.255.0 
ip router isi3 
router isis 

net 49.0001.0031.0031.00 
redistribute connected route-map LOOPBACKS 
ip access-list standard LOOPBACKS 
permit 172.16.0.0 0.0.3.2S5 
route-map LOOPBACKS permit 10 
match ip address LOOPBACKS 


A. Add an additional permit statement to the LOOPBACKS route map. 

B. Modify the LOOPBACKS access list to include all loopback subnets. 

C. Add an additional statement in the LOOPBACKS route map to match both Level 1 and Level 2 circuits. 

D. Add an additional statement in the LOOPBACKS route map to match the R1 CLNS address. 

E. Configure the interfaces between R1 and R2 with a Level 1 IS-IS circuit. 

F. Configure the interfaces between R1 and R2 with a Level 2 IS-IS circuit. 

Answer: AB 


QUESTION 333 

Refer to the exhibit. R1, R2, and R3 have full network connectivity to each other, but R2 prefers 
the path through R3 to reach network 172.17.1.0/24. Which two actions can you take so that R2 
prefers the path through R1 to reach 172.17.1.0/24? (Choose two.) 
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172.17.1.1/24 OSPF 172.17.2 2/24 



A. Set the reference bandwidth to 10000 on R1, R2, and R3. 

B. Configure the cost on the link between R1 and R3 to be greater than 100 Mbps. 

C. Set the reference bandwidth on R2 only. 

D. Configure a manual bandwidth statement with a value of 1 Gbps on the link between R1 and R3. 

E. Modify the cost on the link between R1 and R2 to be greater than 10 Gbps. 

F. Configure a manual bandwidth statement with a value of 100 Mbps on the link between R1 and R2. 

Answer: AB 


QUESTION 334 

What are two advantages to using Asynchronous mode instead of Demand mode for BFD? 

(Choose two.) 

A. Asynchronous mode requires half as many packets as Demand mode for failure detection. 

B. Asynchronous mode can be used in place of the echo function. 

C. Asynchronous mode supports a larger number of BFD sessions. 

D. Asynchronous mode requires one fourth as many packets as Demand mode for failure detection. 

E. Asynchronous mode's round-trip jitter is less than that of Demand mode. 

Answer: AB 


QUESTION 335 

Which action does route poisoning take that serves as a loop-prevention method? 
A. It immediately sends routing updates with an unreachable metric to all devices. 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


134 
















Pass Leader’ 

Leader of IT Certifications 


B. It immediately sends routing updates with a metric of 255 to all devices. 

C. It prohibits a router from advertising back onto the interface from which it was learned. 

D. It advertises a route with an unreachable metric back onto the interface from which it was learned. 

E. It poisons the route by tagging it uniquely within the network. 

Answer: A 


QUESTION 336 

Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: AB 


QUESTION 337 

Which two statements about SoO checking in EIGRP OTP deployments are true? (Choose two). 

A. During the import process, the SoO value in BGP is checked against the SoO value of the site map. 

B. During the reception of an EIGRP update, the SoO value in the EIGRP update is checked against the 

SoO value of the site map on the ingress interface. 

C. At the ingress of the PE/CE link, the SoO in the EIGRP update is checked against the SoO within the 
PE/CE routing protocol. 

D. At the egress of the PE/CE link, the SoO is checked against the SoO within the PE/CE routing protocol. 

E. The SoO is checked at the ingress of the backdoor link. 

F. The SoO is checked at the egress of the backdoor link. 

Answer: AB 


QUESTION 338 

Which two OSPF LSA types are flooded within the originating area? (Choose two.) 

A. type 1, Router LSA 

B. type 2, Network LSA 

C. type 3, Network Summary LSA 

D. type 4, ASBR Summary LSA 

E. type 6, Group Membership LSA 

F. type 9, Opaque LSA 

Answer: AB 


QUESTION 339 

Which statement about the OSPF Loop-Free Alternate feature is true? 
A. It is supported on routers that are configured with virtual links. 
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B. It is supported in VRF OSPF instances. 

C. It is supported when a traffic engineering tunnel interface is protected. 

D. It is supported when traffic can be redirected to a primary neighbor. 

Answer: B 


QUESTION 340 

Refer to the exhibit. ASN 64523 has a multihomed BGP setup to ISP A and ISP B. Which BGP 
attribute can you set to allow traffic that originates in ASN 64523 to exit the ASN through ISP B? 



A. origin 

B. next-hop 

C. weight 

D. multi-exit discriminator 

Answer: D 


QUESTION 341 

When deploying redundant route reflectors in BGP, which attribute can you configure on the route 
reflector to allow routes to be identified as belonging to the same group? 

A. ROUTER ID 

B. CLUSTER ID 

C. ORIGINATORJD 

D. PEER GROUP 

Answer: B 


QUESTION 342 

Refer to the exhibit. R1 and R2 have a working VRF-Lite configuration, but R1 is receiving a route 
only to 10.2.2.2 from R2. 
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Which two changes can you make so that R1 receives all routes from R2? (Choose two.) 


R1 

ip vrf VPN 
rd 1:1 

import-map INBOUND 
route-target both 1:1 
interface GigabitEthernetO/O 
ip vrf forwarding VPN 
ip address 192.168.0.1 255.255.255.0 
acce3s-list 10 5 permit 192.168.0.0 255.255.0.0 
access-list 10 10 permit 10.2.2.2 255.255.255.255 
route-map INBOUND 10 
match ip address 10 
router ospf 1 vrf VPN 

network 192.168.0.0 0.0.0.255 area 0 


R2 

ip vrf VPN 
rd 1:1 

route-target both 1:1 
interface Loopbackl 

ip vrf forwarding VPN 
ip address 10.1.1.1 255.255.255.0 
interface Loopbackl 

ip vrf forwarding VPN 
ip address 10.2.2.2 255.255.255.0 
interface Loopback2 

ip vrf forwarding VPN 
ip address 10.3.3.3 255.255.255.0 
interface GigabitEthernet0/0 
ip vrf forwarding VPN 
ip address 192.168.0.2 255.255.255.0 
router cspf 2 vrf VPN 

network 192.168.0.0 0.0.0.255 area 0 
network 10.1.1.1 0.0.0.0 area 0 
network 10.2.2.2 0.0.0.0 area 0 
network 10.3.3.0 0.0.0.15 area 0 


A. Create an additional permit statement in the access list that is referenced by the import-map on R1. 

B. Disable VRF filtering on R1. 

C. Set the R1 and R2 OSPF process IDs to match. 

D. Change the wildcard mask for the network 10.3.3.0 to 0.0.0.0. 

E. Create a matching export map in the VRF for R2. 

Answer: AB 


QUESTION 343 

Refer to the exhibit. R2 is unable to access the 172.16.1.0/30 network between R1 and R3. 
Which option is a possible reason for the failure? 
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R1 

interface GigabitZthemetO/O 
ip address 172.16.1.1 255.255.255.252 
router ospf 1 

network 172.16.1.1 0.0.0.0 area 0 


P.2 

interface GigabitEthernetO/O 

ip address 152.168.254.2 255.255.255.254 

router rip 

version 2 

no auto-simaary 

network 152.168.254.0 


R3 

interface GigabitEthemetO/O 
ip address 152.168.254.3 255.255.255.254 
interface GigabitZthernetO/1 
ip address 172.16.1.2 255.255.255.252 
router ospf 2 

network 152.168.254.0 0.0.0.2S5 area 0 

redistribute rip subnets 

router rip 

version 2 

no auto-suaaary 

redistribute ospf 2 

network 172.16.0.0 


A. The seed metric for redistributing into RIP on R3 is missing. 

B. The OSPF processes on R2 and R3 are different. 

C. Auto-summary is misconfigured under the RIP process of R3. 

D. The subnet mask on the link between R2 and R3 is smaller than /30. 

E. The wildcard mask on R3 is misconfigured. 

Answer: A 


QUESTION 344 

Which two options are mandatory components of a multiprotocol BGP VPN-IPv4 address? 
(Choose two.) 

A. a route distinguisher 

B. an IPv4 address 

C. a route target 

D. an MPLS label 

E. a system ID 

F. an area ID 

Answer: AB 


QUESTION 345 

Which BGP feature enables you to install a backup path in the forwarding table? 
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A. soft reconfiguration 

B. prefix independent convergence 

C. route refresh 

D. synchronization 

Answer: B 


QUESTION 346 

Refer to the exhibit. Which statement is true about a valid IPv6 address that can be configured on 
interface tunnelO? 


interface tunnelO 
tunnel mode ipv€ip eto4 
tunnel source 125.203.85.1 
ipv€ address ? 


A. There is not enough information to calculate the IPv6 address. 

B. 6to4 tunneling allows you to use any IPv6 address. 

C. 2001.7DCB. 5901. . /128 is a valid IPv6 address. 

D. 2002. 7DCB. 5901.. /128 is a valid IPv6 address. 

Answer: D 


QUESTION 347 

Which technology is not necessary to set up a basic MPLS domain? 

A. IP addressing 

B. an IGP 

C. LDPorTDP 

D. CEF 

E. a VRF 

Answer: E 


QUESTION 348 

What is the main component of Unified MPLS? 

A. Multiple IGPs in the network are used, where the loopback IP addresses of the PE routers are 
aggregated on the area border routers. 

B. Confederations are used to provide scalability. 

C. The loopback prefixes from one IGP area are redistributed into BGP without changing the next hop. 

D. The ABR is a BGP route reflector and sets next-hop to self for all reflected routes. 

Answer: D 


QUESTION 349 

For which feature is the address family "rtfilter" used? 
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A. Enhanced Route Refresh 

B. MPLS VPN filtering 

C. Route Target Constraint 

D. Unified MPLS 

Answer: C 


QUESTION 350 

Refer to the exhibit. What does the return code 3 represent in this output? 


Codes: - success, ’O' - request not sent, - timeout, 

'L' - labeled output interface, 'B' - unlabeled output interface, 

'D' - DS Map mismatch, T* - no FEC sapping, 'f* - FEC mismatch, 

•M' - malformed request, 'm' - unsupported tlvs, - no label entry, 
'P■ - no tx intf label prot, 'p' - premature termination of LSP, 

•R 1 - transit router, 'I' - unknown upstream index, 

'X' - unknown return code, ’x' - return code 0 

Type escape sequence to abort. 

! size 100, reply addr 70.16S.72.33, return code 3 

! size 100, reply addr 70.16S.72.33, return code 3 

! size 100, reply addr 70.169.72.33, return code 3 

! size 100, reply addr 70.169.72.33, return code 3 

! size 100, reply addr 70.169.72.33, return code 3 

Success rate is 100 percent <5/5), round-trip min/avg/max = 4/4/4 ms 


A. The mapping of the replying router for the FEC is different. 

B. The packet is label-switched at stack depth. 

C. The return code is reserved. 

D. The upstream index is unknown. 

E. The replying router was the proper egress for the FEC. 

Answer: E 


QUESTION 351 

Which two values comprise the VPN ID for an MPLS VPN? (Choose two.) 

A. anOUl 

B. a VPN index 

C. a route distinguisher 

D. a 16-bit AS number 

E. a 32-bit IP address 

Answer: AB 


QUESTION 352 

Refer to the exhibit. Which LISP component do routers in the public IP network use to forward 
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traffic between the two networks? 



A. EID 

B. RLOC 

C. map server 

D. map resolver 

Answer: B 


QUESTION 353 

Refer to the exhibit. Which device role could have generated this debug output? 


NHRP: Send Registration Request via Tunnell vrf 0, packet size: 108 
src: 172.30.10.66, dst: 172.30.10.1 
(F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1 
shtl: 4(NSAP), 33tl: 0 (NSAP) 
pktsz: 108 extoff: 52 
(M) flags: "unique nat ”, reqid: 113922 
src NBMA: 10.100.100.193 

src protocol: 172.30.10.66, dst protocol: 172.30.10.1 
(C—1) code: no error(0) 

prefix: 32, mtu: 17912, hd_tixne: 600 

addr_len: 0(NSAP), subaddr_len: 0(NSAP), protc_lea: 0, pref: 0 
NHRP: Receive Registration Reply via 

addr_len: 0(NSAP), subaddr_len: 0<NSAP), proto_len: 0, pref: 0 


A. an NHS only 

B. an NHC only 

C. an NHS or an NHC 

D. a DMVPN hub router 

Answer: B 


QUESTION 354 

Which statement about the NHRP network ID is true? 

A. It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain. 

B. It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain. 

C. It is sent between spokes to identify the spokes as members of the same NHRP domain. 

D. It is a locally significant ID used to define the NHRP domain for an interface. 
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Answer: D 


QUESTION 355 

You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within 
a VRF. For which three configuration sections must you specify the VRF name? (Choose three.) 

A. the ISAKMP profile 

B. the crypto keyring 

C. the IPsec profile 

D. the IPsec transform set 

E. the tunnel interface 

F. the physical interface 

Answer: BEF 


QUESTION 356 

Which IPv6 prefix is used for 6to4 tunnel addresses? 

A. 2001../23 

B. 2002. ./16 

C. 3ffe. . /16 

D. 5f00. . /8 

E. 2001. . /32 

Answer: B 


QUESTION 357 

When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things 
can happen when a packet exceeds the L2TP path MTU? (Choose two.) 

A. The router drops the packet. 

B. The router always fragments the packet after L2TP/IP encapsulation. 

C. The router drops the packet and sends an ICMP unreachable message back to the sender only if 
the DF bit is set to 1. 

D. The router always fragments the packet before L2TP/IP encapsulation. 

E. The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0. 

F. The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0. 

Answer: CF 


QUESTION 358 

Which two parameters does the Tunnel Mode Auto Selection feature select automatically? 
(Choose two.) 

A. the tunneling protocol 

B. the transport protocol 

C. the ISAKMP profile 

D. the transform-set 
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E. the tunnel peer 

Answer: AB 


QUESTION 359 

By default, how does a GET VPN group member router handle traffic when it is unable to register 
to a key server? 

A. All traffic is queued until registration is successful or the queue is full. 

B. All traffic is forwarded through the router unencrypted. 

C. All traffic is forwarded through the router encrypted. 

D. All traffic through the router is dropped. 

Answer: B 


QUESTION 360 

Which two protocols are not protected in an edge router by using control plane policing? (Choose 
two.) 

A. SMTP 

B. RPC 

C. SSH 

D. Telnet 

Answer: AB 


QUESTION 361 

Which two statements are true about AAA? (Choose two.) 

A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users. 

B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, the user 
will be able to log in to the router using a local username and password. 

C. If the local keyword is not included and the AAA server does not respond, then authorization will 
never be possible and the connection will fail. 

D. AAA can be used to authenticate the enable password with a AAA server. 

Answer: CD 


QUESTION 362 

Which three types of traffic are allowed by IEEE 802.IX access control prior to getting 
authenticated? (Choose three.) 


A. 

EAPOL 

B. 

VTP 

C. 

STP 

D. 

ARP 

E. 

CDP 

F. 

HTTP 
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Answer: ACE 


QUESTION 363 

Which two statements about MAC ACLs are true? (Choose two.) 

A. They support only inbound filtering. 

B. They support both inbound and outbound filtering. 

C. They are configured with the command mac access-list standard. 

D. They can filter non-IP traffic on a VLAN and on a physical interface. 

Answer: AD 


QUESTION 364 

Refer to the exhibit. What happens to packets when traffic in the icmp-class class exceeds the 
policed amount? 


Router#sh policy-nap control-plane 
Control Plane 

Service-policy output: control-plane-out 

Class-nap: icmp-class (match-all) 

197314985 packets, 11510114428 bytes 
5 minute offered rate 1000 bps, drop rate 0000 bps 
Match: access-group name killicmpv2 
police: 

cir 1000000 bps, be 31250 bytes 
conformed 197138885 packets, 11499818077 bytes; actions: 
transmit 

exceeded 176100 packets, 10296351 bytes; actions: 
drop 

conformed 1000 bps, exceed 0000 bps 

Class-map: class-default (match-any) 

1126224901 packets, 158790413979 bytes 
5 minute offered rate 41000 bps, drop rate Q000 bps 
Match: any 


A. Packets are discarded and a message is logged. 

B. Packets are discarded and a trap is sent to any servers that are configured to receive traps. 

C. Packets are discarded silently. 

D. Packets are discarded and an inform is sent to any servers that are configured to receive informs. 

Answer: C 


QUESTION 365 

Which statement describes Cisco PfR link groups? 

A. Link groups enable Cisco PfR Fast Reroute when NetFlow is enabled on the external interfaces of 
the border routers. 
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B. Link groups define a strict or loose hop-by-hop path preference. 

C. Link groups are required only when Cisco PfR is configured to load-balance all traffic. 

D. Link groups are enabled automatically when Cisco PfR is in Fast Reroute mode. 

E. Link groups set a preference for primary and fallback (backup) external exit interfaces. 

Answer: E 


QUESTION 366 

Which two statements about NetFlow are true? (Choose two.) 

A. It must be configured on each router in a network. 

B. It supports ATM LAN emulation. 

C. The existing network is unaware that NetFlow is running. 

D. It uses SIP to establish sessions between neighbors. 

E. It provides resource utilization accounting. 

Answer: CE 


QUESTION 367 

You are installing a new device to replace a device that failed. The configuration of the failed 
device is stored on a networked server, and the new device has an RXBOOT image installed. 
Under which condition does the streamlined Setup mode fail? 

A. The last four bits of the configuration register are not equal to the decimal value 0 or 1. 

B. The startup configuration file was deleted. 

C. Bit 6 is set in the configuration register. 

D. The startup configuration is corrupt. 

Answer: A 


QUESTION 368 

Which option is the Cisco recommended method to secure access to the console port? 

A. Configure the activation-character command. 

B. Configure a very short timeout (less than 100 milliseconds) for the port. 

C. Set the privilege level to a value less than 15. 

D. Configure an ACL. 

Answer: A 


QUESTION 369 

Refer to the exhibit. If the network switch is configured as shown, which two statements about 
network traffic are true? (Choose two.) 
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class-map match-any voice 
match dscp ef 

class-map match-any router 
match dscp cs6 
class-map match-any gold 
match dscp af41 
class-map match-any silver 
match dscp a£31 

policy-map egress_queue 
class voice 
priority percent 25 
class gold 

bandwidth percent 40 
claS3 silver 
bandwidth percent 15 
class router 
bandwidth percent 5 
class cla3S-default 
bandwidth percent remaining 

policy-map egress_queue_2 
class class-default 
shape average 6000000 
service-policy egressjqueue 

interface GigabitEthernetO/1 
service-policy output egre33_queue_2 


A. Traffic enters the shaper on a FIFO basis. 

B. Traffic enters the shaper on a weighted fair queueing basis. 

C. Drop behavior is random for traffic in excess of 6 Mbps. 

D. Voice traffic is given priority until it reaches 1.5 Mbps. 

E. Voice traffic is given priority until it reaches 6 Mbps. 

Answer: AD 


QUESTION 370 

Refer to the exhibit. You are configuring the SI switch for the switchport connecting to the client 
computer. Which option describes the effect of the command mis qos map cos-dscp 0 8 16 24 32 
40 46 56? 
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A. Voice traffic is excluded from the default priority queue. 

B. Voice packets are given a class selector of 5. 

C. Video conferencing is marked CS3. 

D. Voice packets are processed in the priority queue. 

Answer: A 


QUESTION 371 

Which two options are two characteristics of the HSRPv6 protocol? (Choose two.) 

A. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.0fff. 

B. It uses UDP port number 2029. 

C. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.ffff. 

D. It uses UDP port number 2920. 

E. If a link local IPv6 address is used, it must have a prefix. 

Answer: AB 


QUESTION 372 

Which statement about VRRP is true? 

A. It supports load balancing. 

B. It can be configured with HSRP on a switch or switch stack. 

C. It supports IPv4 and IPv6. 

D. It supports encrypted authentication. 

Answer: B 


QUESTION 373 

Refer to the exhibit. What is the polling frequency set by this configuration? 
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ip ala monitor 10 

type echo protocol ipIcmpEcho 10.1.1.1 aource-ipaddr 10.1.1.2 
frequency 60 

ip ala monitor achedule 10 life 360 


A. 60 seconds 

B. 10 seconds 

C. 360 seconds 

D. 60 milliseconds 

E. 10 milliseconds 

Answer: A 


QUESTION 374 

Refer to the exhibit. Which additional information must you specify in this configuration to capture 
NetFlow traffic? 


configure terminal 

interface Ethernet 0/0 
ip addrea3 10.1.1.2 255.255.255.0 
ip flow-export destination 10.1.1.1 


A. ingress or egress traffic 

B. the number of cache entries 

C. the flow cache active timeout 

D. the flow cache inactive timeout 

Answer: A 


QUESTION 375 

For which three routing protocols can Cisco PfR provide direct route control? (Choose three.) 

A. OSPF 

B. ISIS 

C. BGP 

D. EIGRP 

E. static routing 

F. ODR 

Answer: CDE 


QUESTION 376 

Drag and Drop Question 
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Answer: 


Drag and drop the BGP attribute on the left to the correct category on the right. 



QUESTION 377 

Drag and Drop Question 

Drag and drop the NAT operations on the left into the correct sequential order on the right. 


Drag and drop the NAT operations on the left into the correct sequential order on the right. 



Check the IP routing table 


step 1 



Check the outbound access list 


step 2 



Check the inbound access list 


step 3 



Inspect CBAC 


step 4 



Translate inside local to outside global 


step 5 



Check the policy routing 


step 6 


Answer: 
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Drag and drop the NAT operations on the left into the correct sequential order on the right. 



Check the IP routing table 


Check the inbound access list 



Check the outbound access list 


Check the policy routing 



Check the inbound access list 


Check the IP routing table. 



Inspect CBAC 


Translate inside local to outside global. 



Translate inside local to outside global 


Check the outbound access list. 



Check the policy routing 


Inspect CBAC. 


QUESTION 378 

Drag and Drop Question 


Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the function it performs on the right 


original 


sets the load-balancing algorithm to use a source, 
a destination, and an ID hash 



universal 


sets the load-balandng algorithm for environments with a small number of source and 
destination IP address pairs 



tunnel 


sets the load-balandng algorithm to use Layer 4 information 



indude-ports source destination 


sets the load-balandng algorithm to use a 
source and destination hash 

Answer: 


Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the function it performs on the right. 



original 


universal 



universal 


tunnel 



tunnel 


include-ports source destination 



include-ports source destination 


original 


QUESTION 379 

Drag and Drop Question 


Drag and drop the Cisco IOXXE subpackage on the left to the function it performs on the right. 



RPIOS 


provisions the Cisco IOS Software kernel from which the 


IOS software features are housed and run 



ESPBase 


produces the ESP software. ESP operating system, and 
control processes 



SIPBase 


manages the Cisco IOS Software and the rest of the platform 
via the control plane 



RPControl 


manages the Session initiation Protocol carrier card 


operating system and control processes 


Answer: 
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Drag and drop the Cisco IOX XE subpackage on the left to the function it performs on the right. 




RPIOS 


RPIOS 




ESPBase 


ESPBase 




SIPBase 

RPControl 



RPControl 

SIPBase 




QUESTION 380 

Drag and Drop Question 


Drag and drop the LACP elements on the left into the correct priority order in the hot-standby port-selection process on the right 


switch MAC address 


port number 


LACP system priority 


LACP port priority 


Answer: 


Drag and drop the LACP elements on the left into the correct priority order in the hot-standby port-selection process on the right. 


switch MAC address 


LACP system priority 


port number 


switch MAC address 



LACP system priority 


LACP port priority 



LACP port priority 


port number 


QUESTION 381 

Drag and Drop Question 


Drag and drop the RIP configuration command on the left to the function it performs on the right. 



ip rip triggered 


controls the advertisement of routes on an interface 



default-information originate 


divides traffic among routes with the lowest cost 



ip split-horizon 


configures the router to send information only when the 
routing database is updated 



traffic-share min 


configures the router to source the network with RIP 


Answer: 
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Drag and drop the RIP configuration command on the left to the function it performs on the right. 



ip rip triggered 


ip split-horizon 



default-information originate 


traffic-share min 



ip split-horizon 


ip rip triggered 



traffic-share min 


default-information originate 


QUESTION 382 

Drag and Drop Question 


Drag and drop each step in the performance-monitoring configuration process on the left into the correct order on the right 


Configure a policy with at least one performance-monitor type flow monitor. 


Configure a flow record. 


2 



Configure a class that describes the filtering criteria. 


3 



Associate a performance-monitor type policy with its 
corresponding interface 


4 



Configure a flow monitor that includes the flow record 
and flow exporter. 


5 

Answer: 

Drag and drop each step in the performance-monitoring configuration process on the left into the correct order on the right 



Configure a policy with at least one performance-monitor type flow monitor. 


Configure a flow record. 



Configure a flow record. 


Configure a flow monitor that includes the flow record 
and flow exporter. 




Configure a class that describes the filtering criteria. 

Configure a class that describes the filtering criteria. 



Associate a performance-monitor type policy with its 
corresponding interface. 


Configure a policy with at least one performance-monitor type flow monitor. 



Configure a flow monitor that includes the flow record 
and flow exporter. 


Associate a performance-monitor type policy with its 
corresponding interface. 


QUESTION 383 

Drag and Drop Question 
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Drag and drop each EIGRP element on the left to the corresponding definition on the right. 




Feasibility Condition 


the metric for a route advertised by EIGRP 



Feasible Distance 


the lowest sum of the EIGRP metric and the metric used 
to reach the next hop 



Feasible Successor 

a route that could become the best path 




Neighbor Table 


the route currently in use as the best path 




Reported Distance 


a list of EIGRP devices that have a direct physical connection 




Successor 


the requirement that the RD of a new route is lower than the FD 
of the current route 


Answer: 


Drag and drop each EIGRP element on the left to the corresponding definition on the right. 



Feasibility Condition 


Reported Distance 



Feasible Distance 


Feasible Distance 




Feasible Successor 


Feasible Successor 



NeighborTable 


Successor 



Reported Distance 


NeighborTable 




Successor 


Feasibility Condition 


QUESTION 384 

Drag and Drop Question 


Drag and drop each BGP attribute on the left to the matching description on the right. 



AS_PATH 


sets the value used to reach the advertising router 



community 


an attribute whose value can affect the preferred path for eBGP peers 



LOCAL_PREF 


an attribute whose value is shared within iBGP 



MED 


supports values of IGP. EGP. and INCOMPLETE 



NEXT_HOP 


a Cisco proprietary attribute that is local to the individual router 



origin 


allows the administrator to customize path selection 
by grouping routes 



weight 


a list that shows the path through which a route has passed 


Answer: 
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Drag and drop each BGP attribute on the left to the matching description on the right. 




AS_PATH 


NEXTJHOP 


community 

MED 

LOCAL_PREF 

LOCAL_PREF 

MED 


origin 



NEXT.HOP 


weight 



origin 


community 


weight 

AS_PATH 


QUESTION 385 

Drag and Drop Question 


Drag and drop each GET VPN feature on the left to the corresponding function it performs on the right 


GDOI 


uses pseudotime to prevent replay 




KEK 


encrypts the rekey message 




SAR 


encrypts data between group members 




TEK 


handles communication between group members and 
a group controller or key server 


Answer: 


Drag and drop each GET VPN feature on the left to the corresponding function it performs on the right. 


GDOI 


SAR 



KEK 


KEK 



SAR 

TEK 




TEK 


GDOI 


QUESTION 386 

Drag and Drop Question 
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Drag and drop each SNMP security model and level on the left to the corresponding mode of authentication on the right. 




SNMPv2c-noAuthNoPriv 


provides HMAC-MD5 or HMAC-SHA authentication with 

DES 56-bit encryption 


SNMPv3-authNoPriv 


authenticates with a user name match 




SNMPv3-authPriv 


provides HMAC-MD5 or HMAC-SHA authentication without encryption 




SNMPv3-noAuthNoPrlv 


authenticates with a community string match 


Answer: 


Drag and drop each SNMP security model and level on the left to the corresponding mode of authentication on the right. 




SNMPv2c-noAuthNoPriv 


SNMPv3-authPriv 




SNMPv3-authNoPriv 


SNMPv3-noAuthNoPriv 



SNMPv3-authPriv 


SNMPv3-authNoPriv 



SNMPv3-noAuthNoPriv 


SNMPv2c-noAuthNoPriv 




QUESTION 387 

Drag and Drop Question 



Answer: 
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Drag and drop each description of IPv6 transition technology on the left to the matching IPv6 transition technology category on the right 


encapsulates IPv6 packets within IPv4 packets 

Dual-Stack Network 

requires IPv6-capable infrastructure 


supports translation between IPv4 and IPv6 by using algorithms 
to map addresses 


uses routing protocols to maintain IPv4 and IPv6 routing adjacencies 


supports stateful translation between IPv4 and IPv6 with 
static and manual mappings 




Tunneling 

requires IPv6-capable infrastructure 

encapsulates IPv6 packets within IPv4 packets 


uses routing protocols to maintain IPv4 and IPv6 routing adjacencies 


encapsulates IPv4 packets within IPv6 packets 


encapsulates IPv4 packets within IPv6 packets 



NAT64 


supports translation between IPv4 and IPv6 by using algorithms 
to map addresses 


supports stateful translation between IPv4 and IPv6 with 
static and manual mappings 



QUESTION 388 

Refer to the exhibit. Which action must you take to enable full reachability from router C to router 
D? 


Router A 

EIGRP 


OSPF 
Area 0 



Router C 



Router B 



OSPF 
Area 0 



Router D 


A. Build an OSPF virtual link. 

B. Build an OSPF sham link. 

C. Configure mutual redistribution between OSPF and EIGRP on routers A and B. 

D. Add a static route on router D. 

Answer: C 


QUESTION 389 
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Which two Cisco Express Forwarding tables are located in the data plane? (Choose two.) 

A. the forwarding information base 

B. the label forwarding information base 

C. the IP routing table 

D. the label information table 

E. the adjacency table 

Answer: AB 


QUESTION 390 

Which option is the most effective action to avoid packet loss due to microbursts? 

A. Implement larger buffers. 

B. Install a faster CPU. 

C. Install a faster network interface. 

D. Configure a larger tx-ring size. 

Answer: A 


QUESTION 391 

Which two statements about packet fragmentation on an IPv6 network are true? (Choose two.) 

A. The fragment header is 64 bits long. 

B. The identification field is 32 bits long. 

C. The fragment header is 32 bits long. 

D. The identification field is 64 bits long. 

E. The MTU must be a minimum of 1280 bytes. 

F. The fragment header is 48 bits long. 

Answer: AB 


QUESTION 392 

You are backing up a server with a 1 Gbps link and a latency of 2 ms. Which two statements 
about the backup are true? (Choose two.) 

A. The bandwidth delay product is 2 Mb. 

B. The default TCP send window size is the limiting factor. 

C. The default TCP receive window size is the limiting factor. 

D. The bandwidth delay product is 500 Mb. 

E. The bandwidth delay product is 50 Mb. 

Answer: AC 


QUESTION 393 

Which two pieces of information does RTCP use to inform endpoint devices about the RTP flow? 
(Choose two.) 

A. the transmitted octet 
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B. the lost packet count 

C. session control function provisioning information 

D. the CNAME for session participants 

E. the authentication method 

F. MTU size changes in the path of the flow 

Answer: AB 


QUESTION 394 

Which two options are required parts of an EEM policy? (Choose two.) 

A. event register keyword 

B. body 

C. environment must defines 

D. namespace import 

E. entry status 

F. exit status 

Answer: AB 

QUESTION 395 

Which two actions can you take to allow the greatest number of pertinent packets to be stored in 
the temporary buffer of Cisco IOS Embedded Packet Capture? (Choose two.) 

A. Specify the sampling interval. 

B. Specify the capture buffer type. 

C. Specify a reflexive ACL. 

D. Specify the minimum packet capture rate. 

E. Specify the packet size. 

F. Store the capture simultaneously onto an external memory card as the capture occurs. 

Answer: AB 


QUESTION 396 

Which technology can be used to secure the core of an STP domain? 

A. UplinkFast 

B. BPDU guard 

C. BPDU filter 

D. root guard 

Answer: D 


QUESTION 397 

What is the destination multicast MAC address for BPDUs on the native VLAN, for a switch that is 
running 802.1 D? 

A. 0185. C400. 0000 
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B. 0100.0CCC.CCCC 

C. 0100.0CCC.CCCD 

D. 0180. C200. 0000 

Answer: D 


QUESTION 398 

Refer to the exhibit. All switches have default bridge priorities, and originate BPDUs with MAC 
addresses as indicated. The numbers shown are STP link metrics. 


Priority 32768 
MAC Address 
f4ac.dc4.2b83 


Priority 32768 
MAC Address 
(4ac c1c4 2b84 


Priority: 32768 
MAC Address: 


f4ac c1c4 2b80 



(4acc1c4 2b86 


Priority: 32768 
MAC Address 
f4ac.cic4 2b82 


Priority 32768 
MAC Address 
I4ac.ctc4 2b85 


After STP converges, you discover that traffic from switch SWG toward switch SWD takes a less 
optimal path. What can you do to optimize the STP tree in this switched network? 

A. Change the priority of switch SWA to a lower value than the default value. 

B. Change the priority of switch SWB to a higher value than the default value. 

C. Change the priority of switch SWG to a higher value than the default value. 

D. Change the priority of switch SWD to a lower value than the default value. 
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Answer: D 

QUESTION 399 

Which three statements are true about VSS? (Choose three.) 

A. VSS separates the control planes of the active and the standby chassis. 

B. Configuration changes can be made on both active and standby chassis. 

C. When the VSS active chassis recovers after a failure, it initiates a switchover and takes on the 
active role again. 

D. VSS unifies the control planes of the active and the standby chassis. 

E. HSRP configuration is not required to run VSS. 

F. The VSS standby chassis monitors the VSS active chassis using the VSL. 

Answer: DEF 

QUESTION 400 

Which flag in a configuration BPDU instructs all switches to shorten their bridge table aging 
process from the default 300 seconds to the current forward delay value? 

A. topology change bit 

B. topology change acknowledgment bit 

C. priority bit 

D. max-age bit 


Answer: A 


QUESTION 401 

Refer to the exhibit. Which technology can be used on the switch to enable host A to receive 
multicast packets for 239.2.2.2 but prevent host B from receiving them? 




Host A 


HostB 
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A. IGMP filtering 

B. MLD snooping 

C. IGMP snooping 

D. MLD filtering 

Answer: C 


QUESTION 402 

Which option describes the purpose of the PPP endpoint discriminator? 

A. It identifies the maximum payload packet. 

B. It notifies the peer that it prefers 12-bit sequence numbers. 

C. It identifies the system attached to the link. 

D. It determines whether a loopback is on the link. 

Answer: C 


QUESTION 403 

Which three statements about SPAN traffic monitoring are true? (Choose three.) 

A. Traffic from a non-source VLAN is discarded when it arrives on a source VLAN. 

B. Multiple sessions can send traffic to an individual destination port. 

C. It supports up to 32 SPAN ports per switch. 

D. The destination port acts as a normal switchport. 

E. It supports up to 64 SPAN ports per switch. 

F. Only one session can send traffic to an individual destination port. 

Answer: AEF 


QUESTION 404 

Which option describes how a VTPv3 device responds when it detects a VTPv2 device on a trunk 
port? 

A. It sends VTPv3 packets only. 

B. It sends VTPv2 packets only. 

C. It sends VTPv3 and VTPv2 packets. 

D. It sends a special packet that contains VTPv3 and VTPv2 packet information. 

Answer: C 


QUESTION 405 

Which three statements about bridge assurance are true? (Choose three.) 

A. Bridge assurance must be enabled on both ends of a link. 

B. Bridge assurance can be enabled on one end of a link or on both ends. 

C. Bridge assurance is enabled on STP point-to-point links only. 

D. Bridge assurance is enabled on STP multipoint links only. 

E. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into a blocking state. 
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F. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into an error 
disabled state. 

Answer: ACE 


QUESTION 406 

What is the hop limit for an MLD message? 

A. 1 

B. 2 

C. 15 

D. 255 

Answer: A 


QUESTION 407 

Refer to the exhibit. Which action must you take to enable the WAN link to function properly? 



R1 R2 

interface SerialO interface Setiall 

ip address 10.1.1.1 255.255.:SS.O ip address 10.1.1.2 255.255.2SS.0 


A. Enter a clock rate on the DCE interface. 

B. Enter a clock rate on the DTE interface. 

C. Enter a compression algorithm on both interfaces. 

D. Configure both interfaces for HDLC encapsulation. 

Answer: A 


QUESTION 408 

Which two options are the two main phases of PPPoE? (Choose two.) 

A. Active Discovery Phase 

B. IKE Phase 

C. Main Mode Phase 

D. PPP Session Phase 

E. Aggressive Mode Phase 

F. Negotiation Phase 

Answer: AD 


QUESTION 409 

Which three statements about EVCs are true? (Choose three.) 
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A. Spanning Tree must use MST mode on EVC ports. 

B. PAGP is supported on EVC ports. 

C. Spanning Tree must use RSTP mode on EVC ports. 

D. LACP is supported on EVC ports. 

E. Layer 2 multicast framing is supported. 

F. Bridge domain routing is required. 

Answer: ABD 


QUESTION 410 

Refer to the exhibit. Why is the router out of memory? 


Router#show version 

Router processor (revision 0x00) with 524283K bytes of memory. 


Router#show memory statistics 

Head Total(b) Used(b) 

Processor 3SA6400 405117952 360086164 


Free(b) Lowest(b) Largest(b) 
1031788 37130412 34036896 


Router#show process memory 
PID TTY Allocated Freed Holding 

0 0 73373216 1706280 69497168 

154 0 1103256760 1247933568 311905892 

327 0 212528944 322521272 44071084 


Getbufs Retbufs Process 

0 0 *Init* 

204360 0 BGP Router 

0 0 IP RIB Update 


Router#show ip bgp summary 

BGP router identifier 1.1.1.1, local AS number 65000 

BGP table version is 310248959, main routing table version 310248959 

246316 network entries using 29557920 bytes of memory 

1586197 path entries using 76137456 bytes of memory 

256960/41528 BGP path/bestpath attribute entries using 27751680 bytes of memory 
440 BGP rrinfo entries using 10560 bytes of memory 
115467 BGP AS-PATH entries using 3047533 bytes of memory 
5952 BGP community entries using 479704 bytes of memory 
0 BGP route-map cache entries using 0 bytes of memory 
230723 3GP filter-list cache entries using 2768676 bytes of memory 
BGP using 139753534 total bytes of memory 
Dampening enabled. 8 history paths, 0 dampened paths 
631350 received paths for inbound soft reconfiguration 
3GP activity 9798913/9552597 prefixes, 220384574/218798377 paths, 


Neighbor V AS MsgRcvd MsgSent TblVer 

1.1.1.2 4 65001 39985912 1384531 310248959 

1.1.1.3 4 65001 12269759 529250 310248959 

1.1.1.4 4 65001 42728751 20209410 310243959 

1.1.1.5 4 65001 46624114 20179383 310248959 


InQ OutQ Up/Down 
0 0 9wld 

0 0 26w0d 

0 0 32w2d 

0 0 lyl4w 


scan interval 60 secs 
State/PfxRcd 
277030 
276929 
200372 
200372 


A. The router is experiencing a BGP memory leak software defect. 

B. The BGP peers have been up for too long. 

C. The amount of BGP update traffic in the network is too high. 

D. The router has insufficient memory due to the size of the BGP database. 

Answer: D 

QUESTION 411 

Refer to the exhibit. Why is the OSPF state in 2WAY/DROTHER? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


163 















Pass Leader’ 

Leader of IT Certifications 


Rl#show ip ospf 

nei< 

ghbor 




Neighbor ID 

Pri 

State 

Dead Time 

Address 

Interface 

192.163.2.2 

0 

2WAY/BROTHER 

00:00:35 

10.25.123.2 

Ethernet0/0 

192.163.3.3 

Rl# 

0 

2WAY/ BROTHER 

00:00:33 

10.25.123.3 

Ethernet0/0 


A. This is the expected output when the interface EthernetO/O of R1 is configured with OSPF Priority 0. 

B. There is a duplicate router ID. 

C. There is an MTU mismatch. 

D. There is an OSPF timer (hello/dead) mismatch. 

E. This is the expected output when R1 is the DR. 

Answer: A 


QUESTION 412 

In a nonbackbone OSPF area, all traffic that is destined to the Internet is routed by using a default 
route that is originated by the ABR. Which change in the configuration of the OSPF area type 
causes traffic from that area that is destined to the Internet to be dropped? 

A. The OSPF area changes from NSSA to totally stubby area. 

B. The OSPF area changes from NSSA to regular area. 

C. The OSPF area changes from stub area to totally stubby area. 

D. The OSPF area changes from stub area to NSSA. 

Answer: D 


QUESTION 413 

Refer to the exhibit. When the link between RtrB and RtrC goes down, multicast receivers stop 
receiving traffic from the source for multicast group 229.1.1.1 .Which solution will resolve this? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


164 















Pass Leader’ 

Leader of IT Certifications 


All linksare part of OSPF process 1 area 0 
Each link has an OSPF cost 10. 

PIM SM is running on all the router interfaces except link RtrB-RtrF. 
RtrCisthe RP for group 229.1.1.1 


RtrA RtrB RtrC 


RtrD RtrE 



Receiverfor group 229.1.1.1 


RtrF 


Source for multicast group 
229.1.1.1 


RtrG 


A. adding a static mroute on RtrB and RtrF 

B. adding a static unicast route on RtrB and RtrF 

C. creating a GRE tunnel between RtrB and RtrD 

D. enabling PIM sparse mode on both ends of the link between RtrB and RtrF 

Answer: D 


QUESTION 414 

Which measure does ISIS use to avoid sending traffic with a wrong MTU configuration? 

A. ISIS does not protect from MTU mismatch. 

B. MTU value is communicated in ISIS Sequence Number PDUs (SNP), and ISIS adjacency is not 
established if an MTU mismatch is detected. 

C. ISIS uses path MTU discovery as specified in RFC 1063. 

D. ISIS uses padding of hello packets to full MTU. 

Answer: D 


QUESTION 415 

Which regular expression will match prefixes from the AS 200 that is directly connected to our 
AS? 

A. A $ 

B. A 200) 

C. __200$ 

D. _200_ 

E. A 200_ 

Answer: E 
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QUESTION 416 

Refer to the exhibit. Assuming that the peer is configured correctly and the interface is up, how 
many neighbors will be seen in the EIGRPv6 neighbor table on this IPv6-only router? 


interface LoopbacklO 
no lp address 

ipv€ address 6010:A38:s/64 eul-64 

I 

interface LoopbacklO 
no ip address 

ipvc address 6020:A33::/€4 eui-64 

interface Ethernet0/0 
no ip address 
ipv€ enable 
ipv€ eigrp 50 

i 

ipv6 router eigrp 50 


A. one neighbor, which will use a local router-id of 6010. AB8.. /64 

B. one neighbor, which will use a local router-id of 6020. AB8.. /64 

C. none, because EIGRPv6 only supports authenticated peers 

D. none, because of the mismatch of timers 

E. none, because there is no EIGRP router ID configured 

Answer: E 


QUESTION 417 

What does a nonzero forwarding address indicate in a type-5 LSA? 

A. It indicates that this link-state ID is eligible for ECMP. 

B. It indicates that this router should have an OSPF neighbor relationship with the forwarding address 
before using this link-state ID. 

C. It indicates that the receiving router must check that the next hop is reachable in its routing table 
before using this link-state ID. 

D. It indicates that traffic can be directly routed to this next hop in shared segment scenarios where 
the external route source is directly connected. 

Answer: D 


QUESTION 418 

Which type of EIGRP routes are summarized by the auto-summary command? 

A. internal routes that are learned from a peer that is outside the range of local network statements 

B. external routes that are learned from a peer that is inside the range of local network statements 
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C. locally created routes that are outside the range of local network statements 

D. external routes that are learned from a peer that is outside the range of local network statements 

Answer: B 


QUESTION 419 

Refer to the exhibit. How can the EIGRP hello and hold time for GigO/O be changed to 5 and 15? 


router eigrp foo 

j 

address-family ipv4 unicast autonomous-system 1 

; 

af-interface default 
hello-interval 10 
hold-time 30 
exit-af-interface 

j 

topology base 
exit-af-topology 
network 10.0.0.0 
exit-address-family 


A. No action is required, since Gig0/0 is not listed with a nondefault hello and hold time. 

B. Add the commands ip hello-interval eigrp 1 5 and ip hold-time eigrp 1 15 under interface Gig0/0. 

C. Add the commands hello-interval 5 and hold-time 15 under "af-interface Gig0/0" under the address family. 

D. Add the commands default hello-interval and default hold-time under the af-interface GigO/O statement 
under the address family. 

Answer: C 


QUESTION 420 

What is the range of addresses that is used for IPv4-mapped IPv6 addresses? 

A. 2001. db9. . /32 

B. 2001. db8. . /32 

C. 2002. ./16 

D. . .ffff. /16 

E. . . ffff. 0. 0/96 

Answer: E 


QUESTION 421 

Which three features require Cisco Express Forwarding? (Choose three.) 

A. NBAR 

B. AutoQoS 

C. fragmentation 
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D. MPLS 

E. UplinkFast 

F. BackboneFast 

Answer: ABD 


QUESTION 422 

Which two options are interface requirements for turbo flooding? (Choose two.) 

A. The interface is Ethernet. 

B. The interface is configured for ARPA encapsulation. 

C. The interface is PPP. 

D. The interface is configured for GRE encapsulation. 

E. The interface is configured for 802.1 Q encapsulation. 

Answer: AB 


QUESTION 423 

Which three option are sub-subfields of the IPv4 Option Type subfield? (Choose three.) 

A. Option Class 

B. GET 

C. Copied 

D. PUSH 

E. Option Number 

F. TTL 

Answer: ACE 


QUESTION 424 

Which TCP mechanism prevents the sender from sending data too quickly for the receiver to 
process? 

A. Congestion control 

B. Error detection 

C. Selective acknowledgement 

D. Flow control 

Answer: D 


QUESTION 425 

Which two packet types does an RTP session consist of? (Choose two.) 

A. TCP 

B. RTCP 

C. RTP 

D. ICMP 

E. BOOTP 
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F. ARP 
Answer: BC 


QUESTION 426 

Which option describes the effect of the OSPF default-information originate always command? 

A. It creates a stub area. 

B. It configures the device to advertise a default route regardless of whether it exists in the routing 
table. 

C. It configures the device to automatically redistribute a default route. 

D. It adds a static default route to the device configuration. 

Answer: B 


QUESTION 427 

Which technology can create a filter for an embedded packet capture? 

A. Control plane policing 

B. Access lists 

C. NBAR 

D. Traffic shaping 

Answer: B 


QUESTION 428 

Which two options are reasons to manipulate the delay metric instead of the bandwidth metric for 
EIGRP routing? (Choose two.) 

A. Because the delay metric provides better handling for bursty traffic 

B. Because manipulating the bandwidth metric can also affect QoS 

C. Because manipulating the bandwidth affects only a particular path 

D. Because changes to the delay metric are propagated to all neighbors on a segment 

Answer: BD 


QUESTION 429 

Which option describes a limitation of Embedded Packet Capture? 

A. It can capture data only on physical interfaces and subinterfaces. 

B. It can store only packet data. 

C. It can capture multicast packets only on ingress. 

D. It can capture multicast packets only on egress. 

Answer: C 


QUESTION 430 

Which statement about Cisco Discovery Protocol is true? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


169 














Pass Leader’ 

Leader of IT Certifications 


A. The multicast address 0100.0cdd.dddd is used as the destination address for periodic advertisements. 

B. An inactive VLAN that is configured on an access port passes periodic Cisco Discovery Protocol 
advertisements. 

C. The multicast address 0100.0ccc.ccd is used as the destination address for periodic advertisements. 

D. A VLAN must be active on an access port before periodic Cisco Discovery Protocol advertisements 
are passed. 

Answer: D 


QUESTION 431 

Which three TLVs does LLDP use to discover network devices? (Choose three.) 

A. Management address 

B. Port description 

C. Network policy 

D. System name 

E. Location information 

F. Power management 

Answer: ABD 


QUESTION 432 

Which command enables L2 QoS support in all VLANs (including the native VLAN)? 

A. switchport priority extend cos 

B. mis qos trust dscp 

C. mis qos rewrite ip dscp 

D. switchport trunk native vlan tag 

Answer: D 


QUESTION 433 

Which three modes are valid for forming an EtherChannel between the ports of two switches? 
(Choose three.) 

A. Active/active 

B. Active/passive 

C. Passive/passive 

D. Auto/auto 

E. Auto/desirable 

F. Desirable/on 

Answer: ABE 


QUESTION 434 

In which 802.1 D port state are the root bridge, the root port, and the designated port(s) elected? 
A. Listening 
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B. learning 

C. forwarding 

D. blocking 

E. disabled 

Answer: A 


QUESTION 435 

Refer to the exhibit. A Cisco Catalyst 6500 Series Switch experiences high CPU utilization. 
What can be the cause of this issue, and how can it be prevented? 


switch#show mis cef exception status 
Current IPv4 FI3 exception state = TRUE 

Current IPv6 FI3 exception state = FALSE 

Current MPLS FI3 exception state = FALSE 


A. The hardware routing table is full. Redistribute from BGP into IGP. 

B. The software routing table is full. Redistribute from BGP into IGP. 

C. The hardware routing table is full. Reduce the number of routes in the routing table. 

D. The software routing table is full. Reduce the number of routes in the routing table. 

Answer: C 


QUESTION 436 

In a network where a Layer 2 switch interconnects several routers, which feature restricts 
multicast packets for each IP multicast group to only those mulicast router ports that have 
downstream receivers joined to that group? 

A. PIM snooping 

B. IGMP snooping 

C. IGMP filter 

D. IGMP proxy 

Answer: A 


QUESTION 437 

Which three statements about Cisco HDLC are true? (Choose three.) 

A. HDLC serial encapsulation provides asynchronous framing and error detection. 

B. Serial link keepalives are maintained by SLARP. 

C. HDLC serial encapsulation provides synchronous framing without retransmission. 

D. HDLC frame size can be reduced with MPPC compression. 

E. The interface is brought down after five ignored keepalives. 

F. The interface is brought down after three ignored keepalives. 

Answer: BCF 


QUESTION 438 
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Which two fields reside in the initial CHAP challenge packet? (Choose two.) 

A. the authentication name of the challenger 

B. a random hash value generated by the device 

C. the hashed packet type ID 

D. the packet type ID in clear text 

Answer: AD 


QUESTION 439 

Which statement about WAN Ethernet Services is true? 

A. Rate-limiting can be configured per EVC. 

B. Point-to-point processing and encapsulation are performed on the customer network. 

C. Ethernet multipoint services function as a multipoint-to-multipoint VLAN-based connection. 

D. UNIs can perform service multiplexing and all-in-one bundling. 

Answer: A 


QUESTION 440 

What is the maximum number of secondary IP addresses that can be configured on a router 
interface? 

A. 1 

B. 2 

C. 4 

D. 1024 

E. 65535 

F. no limit to the number of addresses 

Answer: F 


QUESTION 441 

Which address is a MAC address that is mapped from an IPv6 address (RFC 2464)? 

A. 3333.FF17.FC0F 

B. FFFE. FF17.FC0F 

C. FF34.3333.FF17 

D. FF7E.FF17.FC0F 

Answer: A 


QUESTION 442 

Which multicast protocol uses source trees and RPF? 

A. DVMRP 

B. PIM sparse mode 

C. CBT 
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D. mOSPF 

Answer: A 


QUESTION 443 

What is the function of the command ip pirn autorp listener? 

A. It allows a border PIM sparse mode router to accept autorp information from another autonomous 
system. 

B. It allows the mapping agents to accept autorp information from the PIM rendezvous point. 

C. It allows the routers to flood the autorp information in a sparse-mode-only network. 

D. It allows a BSR to accept autorp information and translate it into BSR messages. 

Answer: C 


QUESTION 444 

Refer to the exhibit. Which statement is true about why the first-hop PIM IPv6 router is stuck in 
registering? 


FHRtshow ipv6 mroute FF7E::1234 

(2001:db8::7, FF7E::1234), 00:02:27/00:01:02, flags: SFT 
Incoming interface: Ethernetl/0 

RPF nbr: FE80::A8BB:CCFF:FE00:701, Registering 
Immediate Outgoing interface list: 

Tunnel2, Forward, 00:01:38/never 


A. The scope of the IPv6 multicast address is link-local. 

B. The outgoing interface for the IPv6 multicast group should not be a tunnel interface. 

C. The R-bit is set in the IPv6 address, but this is not an embedded RP multicast IPv6 address. 

D. The S flag should not be set on a first-hop PIM router. 

E. A multicast IPv6 address does not start with FF. 

Answer: C 

QUESTION 445 

Refer to the exhibit. Which option is the result of this configuration? 
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ip access-list extended REDIRECT 
permit tcp any any eq 25 

i 

route-map REDIPECT 10 

match ip address REDIRECT-SNMP 

set interface GigabitEthernetl/O 

interface loopbackO 

ip address 172.21.254.254 255.255.252.0 

I 

ip local policy route-map REDIPECT-SNMP 


A. All SNMP traffic coming into the router is redirected to interface GigabitEthernetl/O. 

B. All SNMP traffic generated from the router is redirected to interface GigabitEthernetl/O. 

C. All SMTP traffic generated from the router is redirected to interface GigabitEthernetl/O. 

D. All POP3 traffic coming into the router is redirected to interface GigabitEthernetl/O. 

E. All SMTP traffic coming into the router is redirected to interface GigabitEthernetl/O. 

Answer: C 


QUESTION 446 

Which three statements about EIGRP and BFD are true? (Choose three.) 

A. BFD is independent of the routing protocol, so it can be used as a generic failure detection 
mechanism for EIGRP. 

B. Some parts of BFD can be distributed to the data plane, so it can be less CPU-intensive than 
reduced timers, which exist wholly at the control plane. 

C. Reduced EIGRP timers have an absolute minimum detection timer of 1 -2 seconds; BFD can 
provide sub-second failure detection. 

D. BFD is tied to specific routing protocols and can be used for generic fault detection for the OSPF, 
EIGRP, and BGP routing protocols. 

E. BFD is dependent on the EIGRP routing protocol, so it can be used as a specific failure detection 
mechanism. 

F. BFD resides on the control plane, so it is less CPU-intensive than if it resided on the data plane. 

Answer: ABC 


QUESTION 447 

You are implementing new addressing with EIGRP routing and must use secondary addresses, 
which are missing from the routing table. Which action is the most efficient solution to the 
problem? 

A. Disable split-horizon on the interfaces with secondary addresses. 

B. Disable split-horizon inside the EIGRP process on the router with the secondary interface 
addresses. 

C. Add additional router interfaces and move the secondary addresses to the new interfaces. 

D. Use a different routing protocol and redistribute the routes between EIGRP and the new protocol. 
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Answer: A 


QUESTION 448 

Refer to the exhibit. Which two options are possible states for the interface configured with the 
given OSPFv3 authentication? (Choose two.) 


P.l(con£ig-if)iJiipve ospf authentication ipsec spi 25o md5 0 o-routes 


A. GOING UP 

B. DOWN 

C. UNCONFIGURED 

D. GOING DOWN 

Answer: AB 


QUESTION 449 

Refer to the exhibit. The device with this configuration is unable to reach network 172.31.31.0/24. 
The next hop router has been verified to have full connectivity to the network. 

Which two actions can you take to establish connectivity to the network? (Choose two.) 


ip route 10.0.0.0 255.255.255.0 192.16S.192.9 
ip default-network 172.16.199.9 


A. Create a static route to 172.16.199.0 using the address of the next hop router. 

B. Create a default route to the link address of the next hop router. 

C. Create a static route to the loopback address of the next hop router. 

D. Create a default route to 172.16.199.9. 

E. Modify the existing static route so that the next hop is 0.0.0.0. 

F. Replace the ip default-network command with the ip default-gateway command. 

Answer: AB 


QUESTION 450 

Which algorithm heavily influenced the algorithm used by path-vector protocols? 

A. Bellman-Ford 

B. SPF 

C. DUAL 

D. Spanning-Tree 

E. Adaptive 

F. Deflection 

Answer: A 
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QUESTION 451 

Refer to the exhibit. All of the routers on this network are running RIP. If you edit the R3 RIP 
process configuration to reduce the number of hops from R3 to R1, which statement about the 
configuration change is true? 




GigO/O 


Router R2 
router rip 
version 2 
network 10.0.0.0 
passive-interface default 
no passive-interface GigabitEthernetO/O 
no passive-interface GigabitEthemetO/1 
no passive-interface GigabitEthetnetl/O 


GigO/1 


Router R3 
router rip 
version 2 
network 10.0.0.0 
passive-interface default 


File 

Server 


A. Configuring no passive-interface for GigabitEthernet0/0 in the R3 RIP process reduces the 
number of hops to R1 by 2. 

B. Configuring no passive-interface for GigabitEthernet0/0 in the R3 RIP process reduces the 
number of hops to R1 by 1. 

C. Configuring no passive-interface for GigabitEthernetO/1 in the R3 RIP process reduces the 
number of hops to R1 by 3. 

D. Configuring no passive-interface for GigabitEthernet0/1 in the R3 RIP process reduces the 
number of hops to R1 by 1. 

Answer: A 


QUESTION 452 

Where should the passive-interface command be used? 

A. Under the routing process for interfaces that need to be routed, but prevented from peering 

B. under the routing process for interfaces that need to be routed and allowed to peer 

C. under the interface configuration for interfaces that need to be routed, but prevented from peering 

D. under the interface configuration for interfaces that need to be routed and allowed to peer 

E. under the VTY configuration within global configuration mode 

Answer: A 


QUESTION 453 

Refer to the exhibit. Which statement about the device routing table is true? 
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ip prefix-list EIGRP-RCUTES seq 5 permit 10.10.10.0/24 le 32 

ip prefix-list 0UTB0UHD seq 5 permit 152.168.168.1/32 

router eigrp 65535 

network 152.168.168.0 0.0.255.255 

network 172.31.10.0 0.0.0.255 

distribute-list prefix EIGRP-RCUTES gateway OUTBOUND in 


A. Only networks 10.10.10.0/24 and smaller from host 192.168.168.1 are in the routing table. 

B. Only networks 10.10.10.0/24 and larger from host 192.168.168.1 are in the routing table. 

C. Only network 10.10.10.0/24 from host 192.168.168.1 is in the routing table. 

D. Networks 10.10.10.0/24 and smaller from any host are in the routing table. 

Answer: A 


QUESTION 454 

Refer to the exhibit. R1 is performing mutual redistribution, but OSPF routes from R3 are unable 
to reach R2. Which three options are possible reasons for this behavior? (Choose three.) 



A. R1 requires a seed metric to redistribute RIP. 

B. The RIP version supports only classful subnet masks. 

C. R1 is filtering OSPF routes when redistributing into RIP. 

D. R3 and R1 have the same router ID. 

E. R1 and R3 have an MTU mismatch. 

F. R2 is configured to offset OSPF routes with a metric of 16. 

Answer: ACF 


QUESTION 455 

Refer to the exhibit. If the downstream router has a summary route configured, which two actions 
must you take on the local router to create the summary route that summarizes all routes from the 
downstream router? (Choose two.) 
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Rl#sh ip eigrp 1 topology all 

IP-EIGP.P Topology Table for AS|1)/ID<10.1.1.2) 

Codes: P - Passive, A - Active, U - Update, Q - Query, P. - P.eply, 
r - reply Status, s - sia Status 

P 10.8.1.0/24, 1 successors, FD is 156160, serno 7 
via 10.1.1.1 (156160/128256), FastEthernetl/O 
P 10.1.1.0/24, 1 successors, FD is 28160, serno 1 
via Connected, FastEthernetl/0 
P 10.6.1.0/24, 1 successors, FD is 156160, serno 8 
via 10.1.1.1 (156160/128256), FastEthetnetl/0 


A. Configure the summary address on the interface. 

B. Use 10.0.0.0 255.248.0.0 as the summary route. 

C. Configure the summary address in the EIGRP process. 

D. Use 10.0.0.0 255.252.0.0 as the summary route. 

E. Configure a route map to permit the route. 

F. Configure a distribute list in. 

Answer: AB 


QUESTION 456 

Which three statements about RIP timers are true? (Choose three.) 

A. The default update timer is 30 seconds. 

B. The default invalid timer is 180 seconds. 

C. The default holddown timer is 180 seconds. 

D. The default flush timer is 60 seconds. 

E. The default scan timer is 60 seconds. 

F. The default hello timer is 5 seconds. 

Answer: ABC 


QUESTION 457 

Which timer expiration can lead to an EIGRP route becoming stuck in active? 

A. hello 

B. active 

C. query 

D. hold 

Answer: B 


QUESTION 458 

Which three values can be used to tag external EIGRP routes? (Choose three.) 
A. The router ID of the router that redistributed the route 
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B. The administrative distance of the external protocol 

C. The protocol ID of the external protocol 

D. The cost to reach the router that redistributed the route 

E. The metric from the external protocol 

F. The router ID of the router from which the external protocol route was learned 

Answer: ACE 


QUESTION 459 

Which data plane protocol does EIGRP Over the Top use? 

A. MPLS 

B. GRE 

C. LISP 

D. IP-in-IP 

Answer: C 


QUESTION 460 

Which statement about the feasible distance in EIGRP is true? 

A. It is the maximum metric that should feasibly be considered for installation in the RIB. 

B. It is the minimum metric to reach the destination as stored in the topology table. 

C. It is the metric that is supplied by the best next hop toward the destination. 

D. It is the maximum metric possible based on the maximum hop count that is allowed. 

Answer: B 


QUESTION 461 

Which statement about the EIGRP RTO is true? 

A. It is six times the SRTT. 

B. It is the time that it normally takes for an update to be received by a peer. 

C. It is the time that it normally takes to receive a reply to a query. 

D. It is the average time that it takes for a reliable packet to be acknowledged. 

Answer: A 


QUESTION 462 

Which option describes the purpose of the leak-map keyword in the command eigrp stub 
connected leak- map EigrpLeak? 

A. It allows the specified static routes to be advertised. 

B. It allows exceptions to the route summarization that is configured. 

C. It allows specified EIGRP-learned routes to be advertised. 

D. It restricts specified connected routes from being advertised. 

Answer: C 
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QUESTION 463 

Refer to the exhibit. If OSPF is implemented on the network, which additional configuration is 
needed to allow traffic from host 10.4.1.15/24 to host 10.1.2.20/24? 



A. A virtual link between router 2 and router 4 

B. A virtual link between router 3 and router 4 

C. A virtual link between router 2 and router 3 

D. The current design allows traffic between the two hosts. 

Answer: D 

QUESTION 464 

Refer to the exhibit. Which OSPFv3 routes will be visible in the routing table of R2? 
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Rl: 

interface LocpbackO 
ip address 1.1.1.1 255.255.255.0 
ipv6 address 2001:12::1/128 
ipv6 rip RIPNG enable 

interface FastEthernetO/O 
ip address 10.1.12.1 

255.255.255.0 
duplex auto 
speed auto 

ipv6 address 2001:112::1/64 
ipv6 cspf 1 area 0 

interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

j 

ip forward-protocol nd 


no ip http server 

no ip http secure-server 


ipv6 router ospf 1 
log-adjacency-changes 
redistribute rip RIPNG 

ipv6 router rip RIPNG 


RIPNG 


RIPNG 

2001:12::1/128 

♦ 


2001:12::2/128 

• 

LoopO 


|LoopO 


FaO/O 2001:112::/64 Fa0/0 

OSPFv3 Area 0 


R2 : 

interface LoopbackO 
ip address 2.2.2.2 255.255.255.0 
ipv6 address 2001:12::2/126 
ipv6 rip RIPNG enable 

interface FastEthernet0/0 
ip address 10.1.12.2 

255.255.255.0 
duplex auto 
speed auto 

ipv6 address 2001:112::2/64 
ipv6 ospf 1 area 0 

i 

interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

i 

ip forward-protocol nd 


no ip http server 

no ip http secure-server 


ipv6 router ospf 1 
log-adjacency-changes 
redistribute rip RIPNG include- 
connected 

I 

ipv6 router rip RIPNG 


A. 2001:12::1/128 

B. 2001:12::1/128, 2001:112::1/128 

C. 2001:12::2/128 

D. No OSPFv3 routes will be visible. 

Answer: D 


QUESTION 465 

Refer to the exhibit. Rl is configured as shown. Rl is able to establish a neighbor adjacency only 
with R2. Which addition must you make to the Rl configuration to allow it to establish an 
adjacency with R3? 

A. interface gigabitethernet 0/1 

ip address 10.1.0.1 255.255.255.0 
ip ospf network point-to-point 

B. interface gigabitethernet 0/1 

ip address 10.1.0.1 255.255.255.0 
ip ospf 1 area 0 

C. router ospf 1 

network 10.1.0.0 0.0.0.255 area 1 

D. router ospf 1 
area 0 stub 

Answer: C 


QUESTION 466 

Which option describes how a router responds if LSA throttling is configured and it receives the 
identical LSA before the interval is set? 
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A. The LSA is added to the OSPF database and a notification is sent to the sending router to slow 
down its LSA packet updates. 

B. The LSA is added to the OSPF database. 

C. The LSA is ignored. 

D. The LSA is ignored and a notification is sent to the sending router to slow down its LSA packet 
updates. 

Answer: C 


QUESTION 467 

Which two options are valid for the number of bytes in a BGP AS number? (Choose two.) 

A. 2 bytes 

B. 4 bytes 

C. 6 bytes 

D. 8 bytes 

E. 16 bytes 

Answer: AB 


QUESTION 468 

Refer to the exhibit. Why is the loopback 0 interface of R4 missing in the routing table of R2? 


hostname R3 
router ospf 1 

network 0.0.0.0 255.255.255.255 area 0 
router bgp 65001 

network 3.3.3.0 mask 255.255.255.0 
neighbor 10.1.23.2 remote-as 65001 
neighbor 10.1.23.2 route-reflector-client 
neighbor 10.1.34.4 remote-as 65001 
neighbor 10.1.34.4 route-reflector-client 
no auto-summary 
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A. R2 is configured as a route reflector client. 

B. There is no peering between R2 and R3. 

C. The next hop is not reachable from R2. 

D. The route originated within the same AS. 

Answer: B 


QUESTION 469 

Which statement about the BGP scope of the cost community is true? 

A. It is shared with IBGP neighbors only. 

B. It is shared with IBGP neighbors and route reflectors. 

C. It is shared with EBGP neighbors only. 

D. It is shared with IBGP and EBGP neighbors. 

E. It is shared with IBGP and confederation peers. 

Answer: E 


QUESTION 470 

Which statement is true about conditional advertisements? 

A. Conditional advertisements create routes when a predefined condition is met. 

B. Conditional advertisements create routes when a predefined condition is not met. 

C. Conditional advertisements delete routes when a predefined condition is met. 

D. Conditional advertisements create routes and withhold them until a predefined condition is met. 

E. Conditional advertisements do not create routes, they only withhold them until a predefined 
condition is met. 

Answer: E 


QUESTION 471 

Refer to the exhibit. How can Router X in AS70000 peer with Router Y in AS65000, in case 
Router Y supports only 2-byte ASNs? 



A. Router X should be configured with a remove-private-as command, because this will establish the 
peering session with a random private 2-byte ASN. 

B. It is not possible. Router Y must be upgraded to an image that supports 4-byte ASN. 

C. Router Y should be configured with a 4-byte AS using the local-as command. 
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D. Router X should be configured with a 2-byte AS using the local-as command. 

Answer: D 


QUESTION 472 

Which statement about BGP and diverse path advertisement is true? 

A. The BGP best-path selection must be disabled. 

B. The BGP best-path selection algorithm has been changed to always ignore the IGP metric. 

C. The BGP best-path selection algorithm has been changed so that two BGP paths can be flagged 
as best in the BGP table. 

D. The BGP best-path selection algorithm has not been changed. 

E. The BGP best-path selection is disabled for BGP routes for which the feature is enabled. 

Answer: D 

QUESTION 473 

For which two conditions is Cisco Express Forwarding recursion disabled by default when the 
BGP Prefix Independent Convergence functionality is enabled? (Choose two.) 

A. next hops learned with a /24 mask 

B. next hops learned with any mask shorter than /32 

C. next hops learned with a /32 mask 

D. next hops that are directly connected 

Answer: CD 


QUESTION 474 

How many bytes comprise the system ID within an IS-IS NET? 

A. 4 bytes 

B. 6 bytes 

C. 8 bytes 

D. 16 bytes 

E. 20 bytes 

Answer: B 


QUESTION 475 

Which two statements about IS-IS are true? (Choose two.) 

A. The default hello interval is 10 seconds and the default hold timer is 30 seconds. 

B. The hello interval can be changed on a per-interface basis with the command isis hello- multiplier. 

C. Both routers need to have the same hello intervals and hold timers in order to form IS-IS 
neighbors. 

D. Both IS-IS routers need to have the same capabilities in the hello packet in order to form 
neighbors. 

Answer: AB 
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QUESTION 476 

Which bit should be set in the link-state PDU of an IS-IS L1/L2 router to indicate that it is a 
potential exit point of the area? 

A. the ABR bit 

B. the ATT bit 

C. the down bit 

D. the P bit 

Answer: B 


QUESTION 477 

MPLS LDP IGP synchronization is configured on a link. The OSPF adjacency on that link is UP 
but MPLS LDP synchronization is not achieved. Which statement about this scenario is true? 

A. The router excludes the link from its OSPF LSA type 1. 

B. The router flushes its own router LSA. 

C. The router advertises the link in its router LSA with max-metric. 

D. The router advertises an LSA type 2 for this link, with the metric set to max-metric. 

E. The router advertises the link and OSPF adjacency as it would when the synchronization is 
achieved. 

Answer: C 


QUESTION 478 

What is the new designation for the MPLS EXP (experimental) bits? 

A. QoS bits 

B. traffic class bits 

C. flow bits 

D. precedence bits 

Answer: B 


QUESTION 479 

Which two options are signaling protocols that are used in MPLS? (Choose two.) 

A. LDP 

B. RSVP 

C. BFD 

D. LISP 

E. CLNS 

F. CDP 

Answer: AB 


QUESTION 480 
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Which option is an incorrect design consideration when deploying OSPF areas? 

A. area 1 - area 0 - MPLS VPN backbone - area 0 - area 2 

B. area 1 - MPLS VPN backbone - area 2 

C. area 1 - MPLS VPN backbone - area 1 

D. area 2 - area 0 - MPLS VPN backbone - area 1 

E. area 0 - area 2 - MPLS VPN superbackbone - area 1 

Answer: E 


QUESTION 481 

Refer to the exhibit. Which statement about the route target for 192.168.1.0/24 is true? 


ip vrf 10051 

rd 10.1.1.1:10051 

route-target export 64512:100010051 
route-target import 64512:100010051 

ip access-list standard mgmtl-10051 
permit 192.168.1.0 0.0.0.255 

route-map 10051-export permit 10 
match ip address mgmtl-10051 
set extccmmunity rt 64512:3002300 

route-map 10051-export permit 20 
match ip address mgmtl-10051 

set extcommunity rt 64512:2002250 64512:3002300 additive 


A. Its route target is 64512:100010051. 

B. Its route targets are 64512:100010051, 64512:2002250, and 64512:3002300. 

C. Its route target is 64512:3002300. 

D. Its route targets are 64512:100010051 and 64512:3002300. 

E. Its route targets are 64512:2002250 and 64512:3002300. 

Answer: C 


QUESTION 482 

Which two options are benefits of EIGRP OTP? (Choose two.) 

A. It allows EIGRP routers to peer across a service provider without the service provider 
involvement. 

B. It allows the customer EIGRP domain to remain contiguous. 

C. It requires only minimal support from the service provider. 

D. It allows EIGRP neighbors to be discovered dynamically. 

E. It fully supports multicast traffic. 

F. It allows the administrator to use different autonomous system numbers per EIGRP domain. 
Answer: AB 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


186 















Pass Leader’ 

Leader of IT Certifications 


QUESTION 483 

Which three options are best practices for implementing a DMVPN? (Choose three.) 

A. Use IPsec in tunnel mode. 

B. Implement Dead Peer Detection to detect communication loss. 

C. Configure AES for encryption of transported data. 

D. Configure SHA-1 for encryption of transported data. 

E. Deploy IPsec hardware acceleration to minimize router memory overhead. 

F. Configure QoS services only on the head-end router. 

Answer: ABC 


QUESTION 484 

Which IPv6 tunneling type establishes a permanent link between IPv6 domains over IPv4? 

A. IPv4-compatible tunneling 

B. ISATAP tunneling 

C. 6to4 tunneling 

D. manual tunneling 

Answer: D 


QUESTION 485 

Which three components comprise the structure of a pseudowire FEC element? (Choose three.) 

A. pseudowire ID 

B. pseudowire type 

C. control word 

D. Layer 3 PDU 

E. header checksum 

F. type of service 

Answer: ABC 


QUESTION 486 

In which two modes do IPv6-in-IPv4 tunnels operate? (Choose two.) 

A. tunnel mode 

B. transport mode 

C. 6to4 mode 

D. 4to6 mode 

E. ISATAP mode 

Answer: AB 


QUESTION 487 

Which VPN technology requires the use of an external key server? 
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A. GETVPN 

B. GDOI 

C. SSL 

D. DMVPN 

E. IPsec 

F. L2TPv3 


Answer: A 


QUESTION 488 

Which three roles does a key server perform when used with GETVPN? (Choose three.) 

A. It authenticates group members. 

B. It manages security policies. 

C. It creates group keys. 

D. It distributes multicast replication policies. 

E. It distributes multicast replication keys. 

F. It configures and routes the GDOI protocol. 

Answer: ABC 


QUESTION 489 

Which two Cisco IOS AAA features are available with the local database? (Choose two.) 

A. command authorization 

B. network access authorization 

C. network accounting 

D. network access authentication 

Answer: AD 


QUESTION 490 

What is the most secure way to store ISAKMP/IPSec preshared keys in Cisco IOS? 

A. Use the service password-encryption command. 

B. Encrypt the ISAKMP preshared key in secure type 5 format. 

C. Encrypt the ISAKMP preshared key in secure type 7 format. 

D. Encrypt the ISAKMP preshared key in secure type 6 format. 

Answer: D 

QUESTION 491 

Which two statements about the protected ports feature and the private VLAN feature are true? 
(Choose two.) 

A. The protected ports feature is limited to the local switch. 

B. The protected ports feature can isolate traffic between two "protected" ports on different switches. 

C. The private VLAN feature is limited to the local switch. 
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D. The private VLAN feature prevents interhost communication within a VLAN across one or more 
switches. 

Answer: AD 


QUESTION 492 

Which two features are used for inspection when IPv6 address glean is enabled? (Choose two.) 

A. DHCP messages 

B. ND messages 

C. ICMPv6 messages 

D. UDP messages 

E. TCP messages 

Answer: AB 


QUESTION 493 

Refer to the exhibit. Which statement about the R1 configuration is true? 


Rltfshow run 

ip ssh time-out 30 

ip ssh authentication-retries 2 

access-list 10 permit 10.1.1.2 
no cdp log mismatch duplex 

control-plane 

line con 0 

exec-timeout 5 30 
logging synchronous 
line aux 0 
line vty 0 4 

access-class 10 in 
login 

transport input ssh 


A. It permits host 10.1.1.2 to establish a Telnet connection to R1. 

B. It limits remote hosts to two SSH connection attempts. 

C. SSH connections to R1 will log out after a 5-minute idle interval. 

D. Hosts that reside on network 10.0.0.0/8 can SSH to R1. 

E. The R1 timeout for outgoing SSH connection attempts is 30 seconds. 

Answer: E 


QUESTION 494 

Which two statements about the default SNMP configuration are true? (Choose two.) 
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A. The SNMP agent is enabled. 

B. The SNMP trap receiver is configured. 

C. All SNMP notification types are sent. 

D. SNMPvl is the default version. 

E. SNMPv3 is the default version. 

Answer: CD 


QUESTION 495 

Which two statements about logging are true? (Choose two.) 

A. Log messages are sent to the console port by default. 

B. Log messages are displayed in a Telnet session by default. 

C. Interface status changes are logged at the Notification level. 

D. Interface status changes are logged at the Informational level. 

E. System restart messages are logged at the Critical level. 

F. Reload requests are logged at the Notification level. 

Answer: AC 


QUESTION 496 

Refer to the exhibit. Your network is suffering excessive output drops. 
Which two actions can you take to resolve the problem? (Choose two.) 


access-switch-l#show interface fa3tethernet0/9 
Fa3tEthernetO/9 is up, line protocol is up (connected) 

Hardware is Fast Ethernet, address is 04da.d237.9f09 (bia 04da.d237.9f09) 
Auto-duplex, Auto-speed, media type is 10/100BaseTX 
Last clearing of "show interface” counters never 

Input queue: 0/75/0/0 (size/max/drcps/flushes); Total output drops: 59137853 

acces3-switch-l#shcw mis qos interface fa3tethernet0/9 statistics 

Queueset: 1 

output queues dropped: 


queue: 

threshcldl 

threshold2 

threshcld3 

queue 0: 

0 

0 

48252 

queue 1: 

23164955 

35924645 

1 

queue 2: 

0 

0 

0 

queue 3: 

0 

0 

0 


A. Install a switch with larger buffers. 

B. Configure a different queue set. 

C. Reconfigure the switch buffers. 

D. Configure the server application to use TCP. 

E. Update the server operating system. 

Answer: AB 
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QUESTION 497 

Refer to the exhibit. If the remaining configuration uses default values, what is the expected 
output of the show mis qos queue- set command? 


mis qcs queue-set output 1 threshold 2 80 90 100 100 

mis qcs queue-set output 1 threshold 3 400 400 100 800 

mis qcs queue-set output 1 threshold 4 60 100 100 100 


Queueset: 1 




Queue 

1 

2 

3 

4 

buffers 

25 

25 

25 

25 

thresholdl 

100 

80 

400 

60 

threshold 

100 

90 

400 

100 

reserved 

50 

100 

100 

100 

maximum 

400 

100 

800 

100 


Queueset: 1 




Queue 

: 1 

2 

3 

4 

buffers 

25 

25 

25 

25 

thresholdl 

100 

80 

400 

60 

threshold2 

100 

90 

400 

100 

reserved 

50 

100 

100 

100 

maximum 

100 

100 

800 

100 


Queueset: 1 




Queue 

: 1 

2 

3 

4 

buffers 

25 

25 

25 

25 

thresholdl 

50 

80 

400 

60 

threshold2 

50 

90 

400 

100 

reserved 

50 

100 

100 

100 

maximum 

400 

100 

800 

100 
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Queueset: 
Queue 

1 

: 1 

2 

3 

4 

buffers 

: 25 

25 

25 

25 

thresholdl 

: 100 

80 

400 

60 

threshold2 

: 100 

90 

400 

100 

reserved 

: 100 

100 

100 

100 

maximum 

: 400 

100 

800 

100 


Answer: A 


QUESTION 498 

Which two statements about HSRP are true? (Choose two.) 

A. Its virtual MAC is 0000.0C07.Acxx. 

B. Its multicast virtual MAC is 0000.5E00.01xx. 

C. Its default configuration allows for pre-emption. 

D. It supports tracking. 

E. It supports unique virtual MAC addresses. 

Answer: AD 


QUESTION 499 

Which two statements about the client-identifier in a DHCP pool are true? (Choose two.) 

A. It specifies a unique identifier that is used only for DHCP requests. 

B. It is specified by appending 01 to the MAC address of a DHCP client. 

C. It specifies a hardware address for the client. 

D. It specifies a unique identifier that is used only for BOOTP requests. 

E. It requires that you specify the hardware protocol. 

Answer: AB 


QUESTION 500 

Refer to the exhibit. If router R1 is functioning as a DHCPv6 server and you enter the command 
show ipv6 dhcp binding, which two options are pieces of information in the output? (Choose two.) 
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A. The IA PD 

B. The DUID 

C. The prefix pool 

D. The DNS server 

E. The Rapid-Commit setting 

Answer: AB 


QUESTION 501 

Which two statements about NPTv6 are true? (Choose two.) 

A. The translation is invisible to applications that hard code IP information within the application 
logic. 

B. It is a one-way stateful translation for the IPv6 address. 

C. Translation is 1:1 at the network layer. 

D. It is a two-way stateless translation for the network prefix. 

Answer: CD 


QUESTION 502 

Which three protocols can use enhanced object tracking? (Choose three.) 

A. HSRP 

B. Proxy-ARP 

C. VRRP 
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D. GLBP 

E. NTP 

F. DHCP 

Answer: ACD 


QUESTION 503 

What are the three primary components of NetFlow? (Choose three.) 

A. Flow caching 

B. A flow collector 

C. The data analyzer 

D. Flow sequence numbers 

E. Cisco Express Forwarding 

F. Multicast 

Answer: ABC 


QUESTION 504 

Which two options are actions that EEM can perform after detecting an event? (Choose two.) 

A. Place a port in err-disabled. 

B. Generate an SNMP trap. 

C. Reload the Cisco IOS Software. 

D. Send an SMS. 

Answer: BC 


QUESTION 505 

On which three options can Cisco PfR base its traffic routing? (Choose three.) 

A. Time of day 

B. An access list with permit or deny statements 

C. Load-balancing requirements 

D. Network performance 

E. User-defined link capacity thresholds 

F. Router IOS version 

Answer: CDE 


QUESTION 506 

Which two routing protocols are not directly supported by Cisco PfR route control, and rely on the 
Cisco PfR subfeature PIRO? (Choose two.) 

A. BGP 

B. EIGRP 

C. Static routing 

D. OSPF 
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E. IS-IS 
Answer: DE 


QUESTION 507 

Which two options does Cisco PfR use to control the entrance link selection with inbound 
optimization? (Choose two.) 

A. Prepend extra AS hops to the BGP prefix. 

B. Advertise more specific BGP prefixes (longer mask). 

C. Add (prepend) one or more communities to the prefix that is advertised by BGP. 

D. Have BGP dampen the prefix. 

Answer: AC 


QUESTION 508 

While you are troubleshooting network performance issues, you notice that a switch is 
periodically flooding all unicast traffic. Further investigation reveals that periodically the switch is 
also having spikes in CPU utilization, causing the MAC address table to be flushed and 
relearned. What is the most likely cause of this issue? 

A. a routing protocol that is flooding updates 

B. a flapping port that is generating BPDUs with the TCN bit set 

C. STP is not running on the switch 

D. a user that is downloading the output of the show-tech command 

E. a corrupted switch CAM table 

Answer: B 


QUESTION 509 

Your network is suffering from regular outages. After troubleshooting, you learn that the transmit 
lead of a fiber uplink was damaged. Which two features can prevent the same issues in the 
future? (Choose two.) 

A. root guard 

B. loop guard 

C. BPDU guard 

D. UDLD 

E. BPDU skew detection 

Answer: BD 


QUESTION 510 

Which feature would prevent guest users from gaining network access by unplugging an IP 
phone and connecting a laptop computer? 

A. IPSecVPN 

B. SSL VPN 
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C. port security 

D. port security with statically configured MAC addresses 

E. private VLANs 

Answer: D 


QUESTION 511 

Which two statements are true about the role of split horizon? (Choose two.) 

A. It is a function used by routing protocols to install routes into routing table 

B. It is a function that prevents the advertising of routes over an interface that the router is using 
to reach a route 

C. Its function is to help avoid routing loops. 

D. It is a redistribution technique used by routing protocols 

Answer: BC 


QUESTION 512 

Refer to the exhibit. Which result will the EEM applet in the exhibit produce? 


event manager applet CCIE 

event timer cron name CCIE cron-entry */5 * * * * 
action 1 cli command "en" 
action 2 cli command "show log" 


A. The output of show version will be executed every 5 hours. 

B. The output of show log will be executed every 5 hours. 

C. The output of show log will be executed every Friday. 

D. The output of show log will be executed every 5 minutes. 

Answer: B 
Explanation: 

The cron entry indicates 5 hours. So the output of show log will be executed every 5 hours. 


QUESTION 513 

Which two events occur when a packet is decapsulated in a GRE tunnel? (Choose two.) 

A. The destination IPv4 address in the IPv4 payload is used to forward the packet. 

B. The TTL of the payload packet is decremented. 

C. The source IPv4 address in the IPv4 payload is used to forward the packet. 

D. The TTL of the payload packet is incremented. 

E. The version field in the GRE header is incremented. 

F. The GRE keepalive mechanism is reset. 

Answer: AB 


QUESTION 514 
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Drag and Drop Question 

Drag and drop each STP port role on the left to the matching statement on the right. 


alternate port 


the port whose path cost deems it closest to the 
root bridqe 



backup port 


the port that sends the best BPDUs on its segment 



designated port 


a blocked port that receives more useful BPDUs 
from a different bridqe 



root port 


a blocked port that receives more useful BPDUs 
from its own bridqe 


Answer: 



QUESTION 515 

Drag and Drop Question 

Drag and drop the Cisco IQS XE subpackage on the left to the function it performs on the right. 


RPBase 


administers the shared port adaptor driver and 
related field-proqrammable device imaqes 



RPControl 


provisions the software needed to access the router 



SIPSPA 


manages the Cisco 105 Software and the rest of 
the platform via the control plane 



RPAccess 


provisions the operating system software route 

processor 


Answer: 
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QUESTION 516 

Drag and Drop Question 

Drag and drop the VLAN number on the left to the corresponding default VLAN name on the right. 


1001 


fddi-default 



1002 


fddinet-default 



1003 


trnet-default 



1004 


ethernet 



1005 


token-ring-default 


Answer: 



QUESTION 517 
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Drag and Drop Question 

Drag and drop the StackWise stack master election rule on the left into the correct priority order 
on the right. 


the switch with the highest software priority 


1 



the switch with the lowest MAC address 


2 



the current stack master 


3 



the switch with a defined interface-level configuration 


4 



the switch with the highest priority value 


5 



the switch with the longest up time 


6 


Answer: 


the current stack master 


the switch with the highest priority value 


the switch with a defined interface-level configuration 


the switch with the highest software priority 


the switch with the longest up time 


the switch with the lowest MAC address 


QUESTION 518 

Drag and Drop Question 

Drag and drop the IGMPv2 timer on the left to its default value on the right. 
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Group Membership Interval 


1 second 



Last Member Query Interval 


10 seconds 



Query Interval 


60 seconds 



Query Response Interval 


255 seconds 



Other Querier Present Interval 


260 seconds 



Version 1 Router Present Timeout 


400 seconds 


Answer: 


Last Member Query Interval 


Query Response Interval 


Query Interval 


Other Querier Present Interval 


Group Membership Interval 


Version 1 Router Present Timeout 


QUESTION 519 

Drag and Drop Question 

Drag and drop the Metro Ethernet circuit on the left to the corresponding Service Type category 
on the right. 
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Ethernet Virtual Private Line 


Ethernet Private Tree 


Ethernet Private LAN 


Ethernet Virtual Private LAN 


Ethernet Private Line 



Answer: 


p 

art Based 

Ethernet Private Tree 





Ethernet Private LAN 





Ethernet Private Line 



V LAN Based _ 

Ethernet Virtual Private LAN 


Ethernet Virtual Private Line 


QUESTION 520 

Drag and Drop Question 

Drag and drop the OSPFv3 LSA type on the left to the functionality it provides on the right. 
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Router LSA (Type 1) 


advertises an internal network or set of networks to 

routers in other areas 



Network LSA (Type 2) 


associates a group of prefixes for transit networks 
or stub networks 



Interarea-prefix LSA for ABRs (Type 3) 


indicates whether the router is part of a virtual link 



Interarea-router LSA for ASBRs (Type 4) 


collects Ink-state information and cost information 

for the 



Autonomous system external LSA (Type 5) 


provides the link-local address of a router to other 
routers on 



Link LSA (Type 8) 


redistributes external routes 



Intra-Area-Prefix LSAs (Type 9) 


enables routers to determine the best path to an 
external network 


Answer: 


Interarea-prefix L5A for ABRs (Type 3) 


Intra-Area-Prefix LSAs (Type 9) 


Router LSA (Type 1) 


Network I SA (Type 2) 


Link LSA (Type 8) 


Autonomous system external LSA (Type 5) 


Interarea-router LSA for ASBRs (Type 4) 


QUESTION 521 

Drag and Drop Question 

Drag and drop the OSPF network type on the left to the correct category of timers on the right. 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


202 
















































Pass Leader’ 

Leader of IT Certifications 


Point-to-Point 


Loopback 


Point-to-MuItipoint Nonbroadcast 


Broadcast 


Po int-to -M u Itip o in t 


Nonbroadcast 



Answer: 



QUESTION 522 

Drag and Drop Question 
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Drag and drop the BGP attribute on the left to the correct category on the right. 


Originator ID 

i 

3GP Well-Known Mandatory Attribute 

1 


Community 

2 



Local-Preference 




l 

3GP Well-Known Discretionary Attribute 



1 

AS_Path 






Cluster List 

f 

BGP Optional Transitive Attribute 


1 

Origin 




Answer: 


Originator ID 


Cluster List 



BGP Optional Transitive Attribute 


Community 




QUESTION 523 

Drag and Drop Question 

Drag and drop the DMVPN command on the left to the corresponding function on the right. 
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ip nhrp map group 


configures mapping from an ip adress to an NBMA 
mapping 



ip nhrp group 


associates an NHRP group to a QoS polcy 



ip nhrp map 


allows broadcast packets to be sent over a tunnel 



ip nhrp map multicast 


configured an NHRP group 



ip nhrp nhs 


designates the IP to use for communication to the 
next hop server 



ip nhrp responder 


specifies the next hop server 


Answer: 



QUESTION 524 

Drag and Drop Question 

Drag and drop the OTV component on the left to the function it performs on the right. 
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edge device 


elected by the OTV to provide loop-free multihoming 



join interface 


connects VLANs to be extended 



internal interface 


receives local OTV hello messages 



overlay interface 


provides an uplink to the overlay network 



site VLAN 


encapsulates layer 2 frames within an IP header 



authoritative edge device 


connects a site to an overlay network 


Answer: 


authoritative edge device 


internal Interface 


site VLAN 


join interface 


overlay interface 


edge device 


QUESTION 525 

Drag and Drop Question 

Drag and drop the TACACS+ configuration command on the left to the correct function it 
performs on the right. 
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tacacs-server host 192.168.1.250 


globally configures a pre-shared TACACS+ key 



tacacs-server host 10.1.1.93 key CISCO 


configures a device to send only a portion of the 

username 



tacacs-server key CISCO 


configures the device to send TACACS+ requests to 

a 



tacacs-server directed-request 


maintains a single open connection between the 
device and 



tacacs-server packet 12000 


configures the device to securely send TACACS+ 
requests to a TACACS+ server 



tacacs-server host 172.16.16.25 single-connection 


configured the maximum TACACS+ packet size 


Answer: 



tacacs-server key CISCO 

tacacs-server directed-request 


tacacs-server host 192.168.1.250 


tacacs-server host 172.16.16.25 single-connection 


tacacs-server host 10.1.1.93 key CISCO 


tacacs-server packet 12000 


QUESTION 526 

Drag and Drop Question 

Drag and drop the DSCP PHB on the left to the corresponding binary representation on the right. 
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AF31 


10111000 



AF43 


01010000 



AF22 


1110000 



AF13 


01101000 



EF 


00111000 



CS7 


10011000 


Answer: 


EF 


AF22 


CS7 


AF31 


AF13 


AF43 


QUESTION 527 

Which two statements about Cisco Express Forwarding are true? (Choose two.) 

A. Cisco Express Forwarding tables contain reachability information and adjacency tables contain 
forwarding information. 

B. Cisco Express Forwarding tables contain forwarding information and adjacency tables contain 
reachability information. 

C. Changing MAC header rewrite strings requires cache validation. 

D. Adjacency tables and Cisco Express Forwarding tables can be built separately. 

E. Adjacency tables and Cisco Express Forwarding tables require packet process-switching. 
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Answer: AD 


QUESTION 528 

Which TCP feature allows a client to request a specific packet that was lost? 

A. flow control 

B. sliding window 

C. fast recovery 

D. selective acknowledgment 

Answer: D 


QUESTION 529 

Which two solutions can reduce UDP latency? (Choose two.) 

A. fast retransmission 

B. fast recovery 

C. fast start 

D. low-latency queuing 

E. IP service level agreements 

F. congestion-avoidance algorithm 

Answer: DE 


QUESTION 530 

You are configuring Wireshark on a Cisco Catalyst 4500E Switch with a Supervisor 8. Which 
three actions can you take to prevent the capture from overloading the CPU? (Choose three.) 

A. Attach the specific ports that are part of the data path. 

B. Use an in-line filter. 

C. Use an appropriate ACL. 

D. Add memory to the Supervisor. 

E. Reconfigure the buffers to accommodate the additional traffic. 

F. Configure a policy map, class map, and an access list to express the match conditions. 

Answer: ABC 


QUESTION 531 

Which three statements about VTP version 3 are true? (Choose three.) 

A. It supports other databases in addition to VLAN. 

B. It supports VLANs up to 4095. 

C. It supports the synchronization of switch configuration templates between switches in the domain. 

D. It supports the transfer of information about private VLAN structures. 

E. It supports the transfer of PVST+ configuration information. 

F. It supports RSTP. 

Answer: ABD 
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QUESTION 532 

In an STP domain, which two statements are true for a nonroot switch, when it receives a 
configuration BPDU from the root bridge with the TC bit set? (Choose two.) 

A. It sets the MAC table aging time to max_age + forward_delay time. 

B. It sets the MAC table aging time to forward_delay time. 

C. It recalculates the STP topology upon receiving topology change notification from the root switch. 

D. It receives the topology change BPDU on both forwarding and blocking ports. 

Answer: BD 

QUESTION 533 

Which two statements about RSTP and MSTP BPDUs are true? (Choose two.) 

A. MSTP switches can detect boundary ports when they receive RSTP version 2 BPDUs. 

B. MSTP switches can detect boundary ports when they receive RSTP version 1 BPDUs. 

C. RSTP switches can process MSTP version 3 BPDUs. 

D. When all boundary switches are running RSTP, MST sends only version 0 configuration BPDUs. 
Answer: AC 


QUESTION 534 

Which three options are sources from which a SPAN session can copy traffic? (Choose three.) 

A. ports 

B. EtherChannels 

C. VLANs 

D. subnets 

E. primary IP addresses 

F. secondary IP addresses 

Answer: ABC 


QUESTION 535 

Which three capabilities are provided by MLD snooping? (Choose three.) 

A. dynamic port learning 

B. IPv6 multicast router discovery 

C. user-configured ports age out automatically 

D. a 5-minute aging timer 

E. flooding control packets to the egress VLAN 

F. a 60-second aging timer 

Answer: ABD 


QUESTION 536 

Refer to the exhibit. Which two statements about the implementation are true? (Choose two.) 
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Interface SerialO/1 
ppp aultilink 
multilink-group 2 
ppp multilink interleave 
ppp multilink multiclass 


A. The PPP multilink protocol header is omitted on delay-sensitive packets. 

B. The maximum number of fragments is 1. 

C. Small real-time packets are multilink-encapsulated. 

D. A transmit queue is provided for smaller packets. 

Answer: AD 


QUESTION 537 

Which two statements are characteristics of Ethernet private LAN circuits? (Choose two.) 

A. They support communication between two or more customer endpoints. 

B. They utilize more than one bridge domain. 

C. They support point-to-multipoint EVC. 

D. They support multipoint-to-multipoint EVC. 

Answer: AD 


QUESTION 538 

Which two statements about Inverse ARP are true? (Choose two.) 

A. It uses the same operation code as ARP. 

B. It uses the same packet format as ARP. 

C. It uses ARP stuffing. 

D. It supports static mapping. 

E. It translates Layer 2 addresses to Layer 3 addresses. 

F. It translates Layer 3 addresses to Layer 2 addresses. 

Answer: BE 


QUESTION 539 

Refer to the exhibit. R3 is failing to join the multicast group 224.1.1.1 that is sourcing from R1. 
Which two actions can you take to allow multicast traffic to flow correctly? (Choose two.) 
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interface GigabitCthernetO/O 
ip address 152.168,1.1 255.255.255.248 
ip pirn sparse-MOde 
interface TunneilO 
tunnel-source GigabitEthernetO/O 
tunnel-destination 10.2.2.3 
ip address 172.28.8.1 255.255.255.248 
ip pirn sparse-mode 
router ospf 1 

network 152.168.1.1 0.0.0.0 area 0 
ip mroute 224.1.1.0 255.255.255.0 172.28.8.2 

R2 

interface GigabitEthernet0/0 

ip address 152.163.1.2 255.255.255.248 

ip pin sparse-mode 

interface GigabitEthernetO/1 

ip address 10.2.2.2 255.255.255.248 

ip pim sparse-mode 

router ospf 1 

network 0.0.0.0 255.255.255.255 area 0 



R3 

interface GigabitEthernetO/0 

ip address 10.2.2.3 255.255.255.248 

ip pim sparse-mode 

ip igmp join-group 224.1.1.1 

interface TunneilO 

tunnel-source GigabitEthernetO/0 

tunnel-destination 152.168.1.1 

ip address 172.28.8.3 255.255.255.248 

ip pim sparse-mode 

router ospf 1 

network 10.2.2.3 0.0.0.0 area 0 


A. Remove the static multicast route on R1. 

B. Configure OSPF on R1 and R3 to include the tunnel interfaces. 

C. Add an additional static multicast route on R2 for multicast group 224.1.1.1 toward R3. 

D. Replace the static multicast route on R1 to send traffic toward R2. 

E. Remove the static unicast route on R1. 

F. Add an additional static unicast route on R2 toward the loopback interface of R3. 

Answer: AB 


QUESTION 540 

Which two modes of operation does BFD support? (Choose two.) 

A. synchronous mode 

B. asynchronous mode 

C. demand mode 

D. echo mode 

E. aggressive mode 

F. passive mode 

Answer: BC 
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QUESTION 541 

Which two loop-prevention mechanisms are implemented in BGP? (Choose two.) 

A. A route with its own AS in the AS_PATH is dropped automatically if the route reenters its own AS. 

B. A route with its own cluster ID in the CLUSTERJJST is dropped automatically when the route 
reenters its own AS. 

C. The command bgp allowas-in enables a route with its own AS_PATH to be dropped when it 
reenters its own AS. 

D. The command bgp bestpath as-path ignore enables the strict checking of AS_PATH so that they 
drop routes with their own AS in the AS_PATH. 

E. The command bgp bestpath med missing-as-worst assigns the smallest possible MED, which 
directly prevents a loop. 

Answer: AB 


QUESTION 542 

Refer to the exhibit. RIPv2 authentication is failing on a device with this configuration. Which two 
actions can you take to enable it? (Choose two.) 


key chain kcl 
key 1 

key-string ripauth 
interface SerialO 

ip address 10.i.1.1 255.255.2SS.252 
ip tip authentication key-chain kcl 
router rip 
version 2 
network 10.0.0.0 


A. Set the RIP authentication mode to text. 

B. Set the RIP authentication mode to MD5. 

C. Configure the password encryption for the key. 

D. Set the password encryption to AES. 

Answer: AB 


QUESTION 543 

Which three routing protocols utilize TLVs? (Choose three.) 

A. BGP 

B. IS IS 

C. ODR 

D. OSPF 

E. EIGRP 

F. RIP 

Answer: ABE 
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QUESTION 544 

Which two statements about the command distance bgp 90 60 120 are true? (Choose two.) 

A. Implementing the command is a Cisco best practice. 

B. The external distance it sets is preferred over the internal distance. 

C. The internal distance it sets is preferred over the external distance. 

D. The local distance it sets may conflict with the EIGRP administrative distance. 

E. The internal distance it sets may conflict with the EIGRP administrative distance. 

F. The local distance it sets may conflict with the RIP administrative distance. 

Answer: CF 


QUESTION 545 

Refer to the exhibit. Route exchange is failing on a PE edge device configured with this VRF-Lite. 
Which action can you take to correct the problem? 


vrf definition vl 
rd 1:1 

address-family ipv4 
exit-addres s-family 
address-family ipv6 
exit-addres s-family 

vrf definition v2 
rd 2:2 

address-family ipv6 
exit-address-f amily 

interface FastEthernetO/O 
no ip address 

interface FastEthernetO/0.100 
encapsulation dotlQ 100 
vrf forwarding vl 

ip address 192.168.1.1 255.255.255.0 
ipv€ enable 
ospfv3 1 ipv€ area 0 
ospfv3 1 ipv4 area 0 
interface FastEthernetO/0.200 
encapsulation dotlQ 200 
vrf forwarding v2 
ipv6 enable 
ospfv3 1 ipv6 area 0 
interface FastEthernetO/1 
vrf forwarding vl 
ip address 10.1.1.1 255.255.255.0 
ipv6 enable 
ospfv3 1 ipv6 area 1 
ospfv3 1 ipv4 area 0 
no keepalive 

interface FastEthernetO/2 
vrf forwarding v2 
no ip address 

ipv6 address 2001:DBS:1::1 

ipv6 enable 

ospfv3 1 ipv6 area 1 


router ospfv3 1 

add re33- family ipv€ unica3t vrf v2 
router-id 192.168.2.1 
exit-address-family 

address-family ipv4 unicast vrf vl 
router-id 192.168.1.4 
exit-address-family 

address-family ipv6 unicast vrf vl 
router-id 192.168.1.1 
exit-address-family 


A. Configure the vrf-lite capability under the OSPF address families. 
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B. Correct the route descriptors. 

C. Correct the OSPF router-ids. 

D. Configure the control plane with a larger memory allocation to allow the device to appear in the 
routing table. 

Answer: A 


QUESTION 546 

Refer to the exhibit. Which option is the result of this configuration? 


router ospf 1 

network 152.168.10.0 0.0.0.2SS area 0 
network 172.22.15.0 0.0.0.255 area 15 
area 15 ran?e 152.168.0.0 255.255.0.0 not-advertise 


A. Devices in OSPF area 15 can reach the summary route 192.168.0.0/16 and its more specific 
subnets. 

B. Devices in OSPF area 15 can reach only the more specific routes of 192.168.0.0/16. 

C. Devices in OSPF area 0 can reach the summary route 192.168.0.0/16 and its more specific 
subnets. 

D. Devices in OSPF area 0 can reach only the summary route of 192.168.0.0/16. 

Answer: A 

QUESTION 547 

Which two technologies are supported by EIGRP? (Choose two.) 

A. clear-text authentication 

B. MD5 authentication 

C. stub routing 

D. multiple areas 

Answer: BC 


QUESTION 548 

How does having an EIGRP feasible successor speed up convergence? 

A. EIGRP sends queries only if there is a feasible successor, which decreases the number of routers 
that are involved in convergence. 

B. EIGRP sends queries only if there is not a feasible successor, which causes less control traffic to 
compete with data. 

C. EIGRP immediately installs the loop-free alternative path in the RIB. 

D. EIGRP preinstalls the feasible successor in the RIB in all cases, which causes traffic to switch 
more quickly. 

Answer: C 
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QUESTION 549 

Which two options are ways in which an OSPFv3 router handles hello packets with a clear 
address-family bit? (Choose two.) 

A. IPv4 unicast packets are discarded. 

B. IPv6 unicast packets are discarded. 

C. IPv4 unicast packets are forwarded. 

D. IPv6 unicast packets are forwarded. 

Answer: AD 

QUESTION 550 

Which two statements about OSPF route types are true? (Choose two.) 

A. The cost of an external type 2 route is the sum of the external and internal costs. 

B. The cost of an external type 2 route is the same as the external cost. 

C. Intra-area routes originate outside of their area. 

D. Inter-area routes originate inside their area. 

E. The cost of an external type 1 route is the same as the internal cost. 

F. For routes to the same destination, external type 1 routes are preferred over external type 2 
routes. 

Answer: BF 


QUESTION 551 

A company is multihomed to several Internet providers using EBGP. Which two measures 
guarantee that the network of the company does not become a transit AS for Internet traffic? 

(Choose two.) 

A. Prepend three times the AS number of the company to the AS path list. 

B. Add the community NO_EXPORT when sending updates to EBGP neighbors. 

C. Write AS-path access-list which permits one AS long paths only and use it to filter updates sent to 
EBGP neighbors. 

D. Add the community NO_EXPORT when receiving updates from EBGP neighbors. 

Answer: CD 


QUESTION 552 

Which BGP feature allows a router to maintain its current BGP configuration while it advertises a 
different AS number to new connections? 

A. local-AS 

B. next-hop-self 

C. allow-AS in 

D. soft reset 

Answer: A 
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QUESTION 553 

Which problem can result when private AS numbers are included in advertisements that are sent 
to the global Internet BGP table? 

A. The prefixes sent with private AS numbers are always discarded on the Internet. 

B. The prefixes sent with private AS numbers are always tagged as invalid on the Internet. 

C. The prefixes sent with private AS numbers lack uniqueness, which can lead to a loss of 

connectivity. 

D. The prefixes sent with private AS numbers are sometimes tagged as invalid on the Internet. 

Answer: C 

QUESTION 554 

Which two statements about the BGP community attribute are true? (Choose two.) 

A. Routers send the community attribute to all BGP neighbors automatically. 

B. A router can change a received community attribute before advertising it to peers. 

C. It is a well-known, discretionary BGP attribute. 

D. It is an optional transitive BGP attribute. 

E. A prefix can support only one community attribute. 

Answer: BD 


QUESTION 555 

Refer to the exhibit. Which AS paths are matched by this access list? 


ip as-path acce33-list 1 permit ~64496_[0-9]*$ 


A. the origin AS 64496 only 

B. the origin AS 64496 and any ASs after AS 64496 

C. the directly attached AS 64496 and any ASs directly attached to AS 64496 

D. the directly attached AS 64496 and any longer AS paths 

Answer: C 


QUESTION 556 

Which two features improve BGP convergence? (Choose two.) 

A. next-hop address tracking 

B. additional paths 

C. advertise map 

D. communities 

E. soft reconfiguration 

Answer: AB 
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QUESTION 557 

Refer to the exhibit. The spokes of the DMVPN with the given configuration are having QoS 
issues. 

Which two actions can you take to resolve the problem? (Choose two.) 


crypto isakmp policy 1 

authentication pre-share 
crypto isakmp key dmvpn address 0.0.0.0 0.0.0.0 

crypto ipsec transform-set vpntrans ah-sha-hmac esp-aes 25c esp-sha-hmac 
crypto ipsec profile DHYPN-PP.QF 
set transform-set vpntrans 

policy-map SHAPE 

class class-default 
shape average 200000 

interface LoopbackO 

ip address 10.1.1.1 255.255.255.0 

interface TunnelO 

ip address 192.168.1.1 255.255.255.0 

no ip next-hop-self eigrp 1 

ip nhrp authentication dmvpn 

ip nhrp map multicast dynamic 

ip nhrp network-id 99 

ip tcp adjust-mss 1360 

no ip split-horizon eigrp 1 

tunnel source Senall/0 

tunnel mode gre multipoint 

tunnel protection ipsec profile DMVPN-PR0F 

interface Senall/0 

ip address 172.16.1.1 255.255.255.248 
encapsulation frame-relay 
frame-relay inverse-arp 

router eigrp 1 

network 10.0.0.0 
network 192.168.1.0 


A. Configure qos pre-classify on the tunnel interface. 

B. Configure an NHRP group on the tunnel interface and associate it to a QoS policy. 

C. Modify the configuration of the IPsec policy to accept QoS policies. 

D. Manually configure a QoS policy on the serial interface. 

E. Configure the bandwidth statement on the tunnel interface. 

F. Configure the bandwidth statement on the serial interface. 

Answer: AB 


QUESTION 558 

Which three statements about the route preference of IS-IS are true? (Choose three.) 
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A. An LI path is preferred over an L2 path. 

B. An L2 path is preferred over an LI path. 

C. Within each level, a path that supports optional metrics is preferred over a path that supports only 
the default metric. 

D. Within each level of metric support, the path with the lowest metric is preferred. 

E. The Cisco IS-IS implementation usually performs equal cost path load balancing on up to eight 
paths. 

F. Both LI and L2 routes will be installed in the routing table at the same time. 

Answer: ACD 


QUESTION 559 

Refer to the exhibit. Which three statements about the R1 configuration are true? (Choose three.) 


Rllshov mpls 12transport vc 1611 detail 

Local interface: G14/G/2 up, line protocol up, Eth VLAN 1611 up 
Destination address: 172.16.12.70, VC ID: 1611, VC status: down 
Output interface: none, imposed label stack () 

Preferred path: not configured 
Default path: no route 
No adjacency 

Create time: 4w2d, last status change time: 4w2d 
Signaling protocol: LDP, peer 172.16.12.70:0 up 

Targeted Hello: 172.16.152.80<LDP Id> -> 172.16.12.70 

Status TLV support (local/remote} : enabled/unknown (no remote binding) 

Label/status state machine : local ready, LruPnd 

Last local dataplane status rcvd: no fault 

Last local SSS circuit status rcvd: no fault 

Last local SSS circuit status sent: not sent 

Last local LDP TLV status sent: no fault 

Last remote LDP TLV status rcvd: unknown (no remote binding) 

MPLS VC labels: local 4006, remote unassigned 
Group ID: local 0, remote unknown 
MTU: local 1S00, remote unknown 
Remote interface description: 

Sequencing: receive disabled, send disabled 
VC statistics: 

packet totals: receive 0, send 0 
byte totals: receive 0, send 0 

packet drops: receive 0, seq error 0, send 0 


A. The virtual circuit identifier is 1611 and the virtual circuit is down. 

B. The local label for the circuit is 4006. 

C. The targeted LDP session to the remote peer is up. 

D. The local label for the circuit is 1611. 

E. The virtual circuit identifier is 4006 and the virtual circuit is down. 

F. The circuit is using MPLS VC type 4. 

Answer: ABC 
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QUESTION 560 

Which two statements about 6VPE are true? (Choose two.) 

A. It allows a service provider to use an existing MPLS network to provide VPN services to IPv6 
customers. 

B. It uses MP-BGP as the carrier protocol to transport IPv6 connectivity. 

C. It provides IPv6 connectivity to MPLS-VPN customers when IPv6 overlay tunneling is also 
configured. 

D. It allows a service provider to use an existing MPLS network to provide global addressing to their 
IPv6 customers. 

E. It requires the configuration of a GRE tunnel tagged with a VLAN ID. 

F. It allows a service provider to use an existing L2TPv3 network to provide VPN services to IPv6 
customers. 

Answer: AB 


QUESTION 561 

Which statement about OTV is true? 

A. The overlay interface becomes active only when configuration is complete and it is manually 
enabled. 

B. OTV data groups can operate only in PIM sparse-mode. 

C. The overlay interface becomes active immediately when it is configured. 

D. The interface facing the OTV groups must be configured with the highest MTU possible. 

Answer: A 


QUESTION 562 

Refer to the exhibit. Which two configuration changes enable the user admin to log in to the 
device? (Choose two.) 


username admin privilege 15 password 5ECUREPASSV0PD 
aaa new-model 

aaa authentication login default group tacacs-t- local-case 
aaa authentication enable default group tacacs+ enable 
aaa authorization console 

aaa authorization exec default group tacacs-t- if-authenticated 

aaa authorization commands 1 default group tacacs-t- local lf-authenticated 

aaa authorization commands 4 default group tacacs-t- if-authenticated 

aaa authorization commands 15 default group tacacs-t- local if-authenticated 

aaa accounting exec default start-stop group tacacs+ 

aaa accounting commands 1 default start-stop group tacacs-t- 

aaa accounting commands IS default start-stop group tacacs-t- 

aaa session-id common 


A. Configure the login authentication to be case-insensitive. 

B. Configure the user admin with a password and appropriate privileges. 

C. Configure the login authentication to be case-sensitive. 

D. Modify the configuration to use a named group. 
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E. Configure additional login authentication under the terminal lines. 

Answer: AB 


QUESTION 563 

Which two advantages does CoPP have over receive path ACLs? (Choose two.) 

A. Only CoPP applies to IP packets and non-IP packets. 

B. Only CoPP applies to receive destination IP packets. 

C. A single instance of CoPP can be applied to all packets to the router, while rACLs require multiple 
instances. 

D. Only CoPP can rate-limit packets. 

Answer: AD 


QUESTION 564 

Which command drops packets with unknown source addresses until you remove a sufficient 
number of secure MAC addresses to drop below the maximum value, and also causes the 
Security Violation counter to increment? 

A. switchport port-security violation protect 

B. switchport port-security violation drop 

C. switchport port-security violation shutdown 

D. switchport port-security violation restrict 

Answer: D 


QUESTION 565 

Which two tasks are required for configuring SNMP to send traps on a Cisco IOS device? 
(Choose two.) 

A. Create access controls for an SNMP community. 

B. Configure SNMP notifications. 

C. Configure the SNMP agent. 

D. Configure SNMP status monitoring and troubleshooting. 

E. Configure SNMP server group names. 

F. Configure the SNMP server engine ID. 

Answer: AB 


QUESTION 566 

Which two statements about SNMP traps are true? (Choose two.) 

A. They are sent by an agent after a specified event. 

B. They are sent when solicited after a specified event. 

C. They are equivalent to a community string. 

D. They provide solicited data to the manager. 

E. They are sent by a management station to an agent. 

F. Vendor-specific traps can be configured. 
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Answer: AF 


QUESTION 567 

A configuration includes the line ip nbar port-map SSH tcp 22 23 443 8080. Which option 
describes the effect of this configuration line? 

A. It configures NBAR to search for SSH using ports 22, 23, 443, and 8080. 

B. It configures NBAR to allow SSH connections only on ports 22, 23, 443, and 8080. 

C. It enables NBAR to inspect for SSH connections. 

D. It creates a custom NBAR port-map named SSH and associates TCP ports 22, 23, 443, and 8080 
to itself. 

Answer: A 


QUESTION 568 

Which configuration sets a minimum quality of service on a Layer 2 access switch? 


A. 

mis 

qos 

cos override 


mis 

qos 

cos 2 

B. 

mis 

qos 

cos 2 

C. 

mis 

qos 

trust cos 


mis 

qos 

cos 2 

D. 

mis 

qos 

trust cos 

E. 

mis 

qos 

trust dscp 


Answer: A 


QUESTION 569 

Which three statements about GLBP are true? (Choose three.) 

A. It uses a virtual MAC address that starts with 0070.b4. 

B. It elects a single active virtual gateway to appoint and manage multiple active virtual forwarders. 

C. It allows the configured virtual IP address to be used on a physical interface as well. 

D. It uses a virtual MAC address that starts with 0070.4b. 

E. It elects multiple active virtual gateways to appoint and manage a single active virtual forwarder. 

F. Preemption is enabled for the configured active virtual gateway by default. 

Answer: ABC 


QUESTION 570 

Refer to the exhibit. If the route to 10.1.1.1 is removed from the R2 routing table, which server 
becomes the master NTP server? 
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R2#shov run I include ntp 
nrp server 10.1.1.1 prefer 
ntp server 10.3.3.3 
ntp server 10.4.4.4 


A. R2 

B. the NTP server at 10.3.3.3 

C. the NTP server at 10.4.4.4 

D. the NTP server with the lowest stratum number 

Answer: D 


QUESTION 571 

Refer to the exhibit. Which feature can R1 use to fail over from R2 to R3 if the address for R2 
becomes unavailable? 



A. object tracking 

B. HSRP 

C. GLBP 

D. LACP 

Answer: A 


QUESTION 572 

Refer to the exhibit. Which two options are effects of the given configuration? (Choose two.) 
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Routerlfshow tun 
interface FastEthetnetO/O 

ip address 10.20.10.1 255.255.255.0 
ip route-cache flov 

ip flow-export version 5 origm-as 
ip flow-export destination 205.165.200.227 45152 


A. It sets the data export destination to 209.165.200.227 on UDP port 49152. 

B. It enables Cisco Express Forwarding on interface FastEthernetO/O. 

C. It configures the export process to include the BGP peer AS of the router gathering the data. 

D. It enables NetFlow switching on interface FastEthernet0/0. 

E. It sets the data export destination to 209.165.200.227 on TCP port 49152. 

Answer: AD 


QUESTION 573 

Which three options are components of an EEM CLI policy? (Choose three.) 

A. Safe-Tcl 

B. applet name 

C. FastTcl 

D. event 

E. action 

F. Tel bytecode 

Answer: BDE 


QUESTION 574 

Which option is a core event publisher for EEM? 

A. Timer 

B. Policy Director 

C. Applet 

D. Script 

Answer: A 


QUESTION 575 

Refer to the exhibit. You are configuring the SI switch for the switch port that connects to the 
client computer. Which configuration blocks users on the port from using more than 6 Mbps of 
traffic and marks the traffic for a class of service of 1 ? 
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A. 


B. 


class-map match-all cosl 
match any 
policy-map ccsl 
class cosl 
3et cosl 

police cir 6000000 be 1125000 be 2250000 conform-action 
set-dsep-transmit csl exceed-action drop 
violate-action drop 


cla33-map match-any cosl 
match any 
policy-map cosl 
class cosl 

police cir 6000000 be 1125000 be 2250000 conform-action 
3et-dscp-transmit csl exceed-action drop 
violate-action drop 


C. 


class-map match-all ccsl 
match any 
policy-map cosl 
class cosl 
set ccsl 

policy cir 6000000 conform-action 3et-dscp-transmit csl 
exceed-action permit violate-action permit 


D. 


cla3s-map match-any ccsl 
match any 
policy-map cosl 
class cosl 
3et cosl 

policy cir 6000000 conform-action transmit exceed-action 
permit violate-action drop 
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Answer: A 


QUESTION 576 

Drag and Drop Question 

Drag and drop the fragmentation characteristics on the left to the corresponding protocol on the 
right 


40 octets 


IPv6 minimum MTU 



fragments packets if DF bit=0 


IPv4 minimum MTU 



1280 octets 


IPv6 routers 



20 octets 


IPv4 routers 



packet fragmentation is not supported 


IPv6 header length 



576 octets 


IPv4 header length 


Answer: 


1280 octets 


576 octets 


packet fragmentation is not supported 


fragments packets if DF bit=0 


40 octets 


20 octets 


QUESTION 577 

Drag and Drop Question 

Drag and drop the IPv6 multicast feature on the left to its corresponding function on the right. 
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PIMv2 


communicates multicast group membership source 

awareness 



MLDvl 


uses only shared tree forwarding 



MLDv2 


communicates multicast group membership states 
from the 



PIM-SSM 


provides intradomain multicast forwarding for all 
underfvinn unicast rout-inn nrntncnk 



PIM Bklir 


aids IPv6 multicast deployment 



IPv6 multicast over IPv4 tunnels 


defined for interdomain use to support broadcast 
applications 


Answer: 



PIMv2 


IPv6 multicast over IPv4 tunnels 


PIM-SSM 


QUESTION 578 

Drag and Drop Question 

Drag and drop the EIGRP term on the left to the corresponding definition on the right. 
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adjacency 


the neighbor with the route that has the lowest 
metric 



split horizon 


a neighbor whose advertised distance is lower than 
the 



successor 


a feature that prevents routing loops 



feasible successor 


the logical association between two neighbors over 
_which mutmn information is exrhanned_ 


Answer: 


successor 


feasible successor 


split horizon 


adjacency 


QUESTION 579 

Drag and Drop Question 

Drag and drop the EIGRP query condition on the left to the corresponding action taken by the 
router on the right. 


The EIGRP table is missing an entry for the route 


A feasible successor is installed in the routing table, 
and a reply 



The EIGRP table lists the querying router as the 
successor for 


The router replies with the successor information 



The querying router is the successor, and no feasible 
_successor pxists_ 


The router replies to the query with an unreachable 

messane 



the EIGRP table has a successor 


The router send a query on all interfaces except the 
_interface that had thp successor rnutp_ 


Answer: 
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The EIGRP table lists the querying router as the 
successor for 


the EIGRP table has a successor 


The EIGRP table is missing an entry for the route 


The querying router is the successor, and no feasible 
_ surrpssnr pxicN _ 


QUESTION 580 

Drag and Drop Question 

Drag and drop the path-selection criteria on the left into the correct route-selection order on the 
right, that a router will use when having multiple routes toward the same destination. 





QUESTION 581 

Drag and Drop Question 

Drag and drop the multiprotocol BGP feature on the left to the corresponding description on the 
right. 
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Multiprotocol Reachable NLRI 


an optional, nontransitive attribute used to withdraw a 
rnutp 



Multiprotocol Unreachable NLRI 


a value that indicates whether multiprocol 
extensions are sunnnrted 



AFI 


an optional, nontransitive attribute used to advertise 

a 



SAFI 


a value that identifies a network protocol 



Capability code 


a value that identifies a subtype of network protocol 


Answer: 


Multiprotocol Unreachable NLRI 


Capability code 


Multiprotocol Reachable NLRI 


AFI 


SAFI 


QUESTION 582 

Drag and Drop Question 

Drag and drop the MPLS term on the left to the function it performs on the right. 
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label 


instructs the router to keep the label when forwarding 



implcit-nul 


groups IP packets so that they are given 
thp ^ame fnrwardinn treatment 



explicit-null 


identifies the group to which an IP packet belongs 



penultimate hop popping 


instructs the penultimate router to pop the label 
before 



FEC 


identifies a layer 2 MPLS connection from one device 
to 



virtual circuit 


pops an MPLS label off one hop before its final 
destination 


Answer: 



explicit-null 



FEC 


label 



implicit-null 

virtual circuit 


penultimate hop popping 


QUESTION 583 

Drag and Drop Question 

Drag and drop the NHRP flag on the left to the corresponding meaning on the right. 
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authoritative 


The NHRP mapping entry was created from an 
NHRP registration request 



implicit 


NHRP information was obtained from the next hop 

server 

that maintains the NBMA-to-IP mapping 


unique 


NHRP information was learned from a forwarded 
NHRP packet 



registered 


The NHRP mapping entry is protected from being 
overwritten 


by a mapping address that has the same IP address 
and a different NBMA address. 


Answer: 


registered 


authoritative 

that maintains the NBMA-to-IP mapping 


implicit 


unique 

bv a mapping address that has the same IP address 
and a different NBMA address. 


QUESTION 584 

Refer to the exhibit. When would the EEM applet be triggered? 


event manager applet MONITOR 

event interface name FastEthernetO/O parameter receive_rate_pps entry-op ge entry-val 
10000 entry-type value exit-op le exit-val 1000 exit-type value poll-interval 5 


A. every time that the input packet per second counter is below 10,000 

B. every time that the input packet per second counter has increased by 1,000 

C. every time that the input packet per second counter is above 10,000 

D. every time that the input packet per second counter has decreased by 1,000 

Answer: C 


QUESTION 585 

Refer to the exhibit. Based on the above commands, when will the output of the show log 
command be saved? 
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process cpu threshold type total rising 80 interval 5 falling 50 interval 5 
event manager applet CCIE 

event syslog pattern "SYS-l—CPUFALLINGTHRESHOLD" 
action 1.1 cli command ’’enable' 1 

action 1.2 cli command "show log | a flash:LOG” 


A. Each time the total CPU utilization goes below 50 percent 

B. Each time the total CPU utilization goes above 80 percent 

C. Every 5 minutes while the total CPU utilization is above 80 percent 

D. Every 5 seconds while the total CPU utilization is above 80 percent 

E. Every 5 minutes while the total CPU utilization is below 50 percent 

F. Every 5 seconds while the total CPU utilization is below 50 percent 

Answer: F 
Explanation: 

he cpu threshold generates syslog messages when it goes above 80 % and when it comes back 
down below 50% after being above 80%. 

It checks cpu utilization every 5 seconds. 

When the cpu has been above 80%, and has come back below 50%, the syslog message SYS-1- 

CPUFALLINGTHRESHOLD is generated 

-thats when the "show log" command is triggered 

The closest answer is "Each time the total CPU goes below 50 percent" 


QUESTION 586 

Refer to the exhibit. Which of the following options will trigger the applet? 


event manager applet SCRIPT 
event none // I O | v5n v! 


A. an external Cisco IOS event 

B. a manually run policy event 

C. a preconfigured timer 

D. an automated RPC call 

Answer: B 
Explanation: 

There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on 
the basis of an event specification that is contained within the policy itself. The event none 
command allows EEM to identify an EEM policy that can either be run manually or be run when 
an EEM applet is triggered. To run the policy, use either the action policy command in applet 
configuration mode or the event manager run command in global configuration mode. 


QUESTION 587 

In GLBP, which router will answer on client ARP requests? 

A. all active AVF routers as the first response is used by the client 

B. the AVG router, replying with a different AVF MAC address each time 

C. a random AVF router, based on a GLBP seed hash key 

D. only the AVG router that received the ARP request first 
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Answer: B 
Explanation: 

LBP Active Virtual Gateway 

Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that 
group. Other group members provide backup for the AVG in the event that the AVG becomes 
unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each 
gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned 
to it by the AVG. These gateways are known as active virtual forwarders (AVFs) for their virtual 
MAC address. The AVG is responsible for answering Address Resolution Protocol (ARP) 
requests for the virtual IP address. 

Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC 
addresses. 

http://www.cisco.eom/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html#wp1039649 


QUESTION 588 

Refer to the exhibit. What is true about traffic from the INSIDE zone to the OUTSIDE zone? 


class-map type inspect match-all CMAP_ICMP 
match protocol iemp 

f 

policy-map type inspect PMAPAB 
class type inspect CMAP ICMP 
inspect 

class class-default 
drop 
r 

zone security INSIDE 
zone security OUTSIDE 

zone-pair security A_B source INSIDE destination OUTSIDE 
service-policy type inspect PMAP_A_B 

I 

interface FastEthernetO/O 
ip address 10.48.67.125 255.255.254.0 
zone-member security OUTSIDE 
duplex auto 
speed auto 

i 

» 

interface FastEthernetO/1 
ip address 192.168.101.1 255.255.255.0 
zone-member security INSIDE 
duplex auto 
speed auto 

i 

t 


A. All iemp echo requests will be inspected. 

B. All IP traffic will be dropped. 

C. All iemp echo requests will be passed, but the iemp echo reply to the echo request from the 
OUTSIDE zone will be dropped. /..I 

D. All IP traffic will be inspected. 

Answer: A 
Explanation: 
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When the traffic moves from inside to outside zone, ICMP echo requests will be inspected 
because the inspection is set using policy-map-type command is used. 


QUESTION 589 

What is also called Type 0 authentication in OSPF on Cisco Routers? 

A. MD5 

B. There is no Type 0 authentication 

C. SHA1 

D. Null 

Answer: D 
Explanation: 

These are the three different types of authentication supported by OSPF. Null Authentication- 
This is also called Type 0 and it means no authentication information is included in the packet 
header. It is the default. 

Plain Text Authentication--This is also called Type 1 and it uses simple dear-text passwords. 
MD5 Authentication-This is also called Type 2 and it uses MD5 cryptographic passwords. 


QUESTION 590 

Refer to the exhibit. Which two statements are correct, when the QoS configuration is applied in 
an outbound direction on a 10-Mb/s interface? (Choose two.) 


Class-map VIDEO 
Match ip precedence 5 
Class-map FTP 
Match ip precedence 1 

policy-map TEST 
class VIDEO 
priority 200 
class FTP 
bandwidth 1000 
class class-default 
random-detect 


A. When reaching 10 Mb/s of input rate, the video class will be policed to 200 kb/s. 

B. The class FTP is allowed to reach more than 1 Mb/s in the event of congestion. 

C. IP precedence 1 traffic is affected by a drop probability. 

D. Video traffic above 200 kb/s is allowed to pass when the total interface output rate does not 
reach 10 Mb/s. 

E. Video traffic above 200 kb/s is allowed to pass when congestion is present. 

Answer: BD 
Explanation: 

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


235 















Pass Leader 

Leader of IT Certifications 


QUESTION 591 

Refer to the exhibit. A user with IP address 10.10.10.200 fails to use Telnet to a switch with IP 
address 10.10.20.2. 

What is most likely the issue? 



10.10.10 200/24 

hostname switch 



Tp jitufreWp 10.10.20.2 
-^"255.255.255.0 

i 

line con 0 
line vty 0 4 
no login 

privilege level 15 

j 

end 


A. The switch is not configured with a default gateway. 

B. The HTTP server is not enabled on the switch. 

C. STP is blocking the connection from switch to router. 

D. IP routing is enabled on the switch, but no route pointing back to the client is configured. 

E. The switch is configured with an IP address from the wrong subnet. 

Answer: D 
Explanation: 

As you can see in the exhibit that IP routing is enabled on the switch but no route is pointing back 
to the client. The ip address of interface vlan 1 is given but after that nothing! 


QUESTION 592 

Refer to the exhibit. Router RTB is performing one-way redistribution from RIP to OSPF. Which 
outgoing interface will router RTD choose for packets to the 192.168.0.0/24 network, and why? 
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router ospf 1 
redistribute rip 


A. FaO/1, because OSPF is a link-state routing protocol 

B. FaO/O, because RIP is a distance vector protocol 

C. FaO/O, because RIP has a higher administrative distance 

D. FaO/O, because OSPF has a lower administrative distance 

E. FaO/1, because OSPF has a lower administrative distance 

F. FaO/1, because RIP has a lower administrative distance 

Answer: E 


QUESTION 593 

Refer to the exhibit. What is the potential issue with this configuration? 



6.6.6.0/30 


OSPF 


OSPF AREA 1 

7.7.7.0/30 


L2P-A 

router 

network 

ospf 1 

1.1.1.1 

0.0.0.0 

area 

0 

network 

2.2.2.1 

0.0.0.0 

area 

0 

network 

4.4.4.1 

0.0.0.0 

area 

1 

network 

5.5.5.1 

0.0.0.0 

area 

1 


A. There is no potential issue; OSPF will work fine in any condition. 

B. Sub-optimal routing may occur since there is no area 1 adjacency between the ABRs. 
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C. This is a wrong OSPF configuration because all routers must be in area 0 only. 

D. This is a wrong OSPF configuration because /30 requires 0.0.0.3 wild card. 

Answer: B 
Explanation: 

The primary difference is that the GRE tunnel hides the real recipients under the outer IP header. 
The "transit" area, in that case, does not need to actually know all the prefixes. What it needs, 
though, is a default route that points towards the backbone. Suboptimal routing may occur, then, 
because the traffic from the "transit" area must first reach the backbone in order to get GRE- 
encapsulated and carried again through the "transit" area to the disconnected area. 


QUESTION 594 

Refer to the exhibit. What triggered the first SPF recalculation? 


Cl#show ip ospf statistics 








OSPF Router with 

ID (11.100. 

in) 

(Process 

ID 100) 



Area 0: 

SPF algorithm executed 2 times 





Summary 

OSPF SPF statistic 







SPF calculation time 







Delta T 

Intra D-Intra Summ 

D-Summ 

Ext 

D-Ext 

Total 

Reason 

00:05:12 

0 rO 0 


0 

0 

0 

R, 

SN f X 

00:05:02 

0 

0 

0 

0 

0 

R, 

SN f X 

00:02:57 

0 0 0 

0 

0 

0 

0 

X 



A. changes in a router LSA, subnet LSA, and external LSA 

B. changes in a router LSA, summary network LSA, and external LSA 

C. changes in a router LSA, summary network LSA, and summary ASBR LSA 

D. changes in a router LSA, summary ASBR LSA, and external LSA 

Answer: B 
Explanation: 

OSPFv2 is built around links, and any IP prefix change in an area will trigger a full SPF. It 
advertises IP information in Router and Network LSAs. The routers thus, advertise both the IP 
prefix information (or the connected subnet information) and topology information in the same 
LSAs. This implies that if an IP address attached to an interface changes, OSPF routers would 
have to originate a Router LSA or a Network LSA, which btw also carries the topology 
information. This would trigger a full SPF on all routers in that area, since the same LSAs are 
flooded to convey topological change information. This can be an issue with an access router or 
the one sitting at the edge, since many stub links can change regularly. 

Only changes in interarea, external and NSSA routes result in partial SPF calculation (since type 
3, 4, 5 and 7 LSAs only advertise IP prefix information) and thus IS-IS's PRC is more pervasive 
than OSPF's partial SPF. 

This difference allows IS-IS to be more tolerant of larger single area domains whereas OSPF 
forces hierarchical designs for relatively smaller networks. However with the route leaking from L2 
to LI incorporated into IS-IS the apparent motivation for keeping large single area domains too 
goes away. SPF is calculated in three phases. The first is the calculation of intra-area routes by 
building the shortest path tree for each attached area. The second phase calculates the inter-area 
routes by examining the summary LSAs and the last one examines the AS-External-LSAs to 
calculate the routes to the external destinations. 


QUESTION 595 

Which two orders in the BGP Best Path Selection process are correct? (Choose two.) 
A. Higher local preference, then lowest MED, then eBGP over iBGP paths 
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B. Higher local preference, then highest weight, then lowest router ID 

C. Highest weight, then higher local preference, then shortest AS path 

D. Lowest origin type, then higher local preference, then lowest router ID 

E. Highest weight, then higher local preference, then highest MED 

Answer: AC 
Explanation: 

Weight is the first attribute BGP uses in the route selection process. Route with a higher weight is 
preferred when multiple routes exist to the same destination. 


QUESTION 596 

Refer to the exhibit. How will traffic be split between the routers, assuming that there are many 
hosts on this subnet? 


R100#show glbp 
EthernetO/O - Group 150 
State is Active 

Virtual IP address is 10.1.1.150 
Preemption enabled, min delay 0 sec 
Active is local 

Standby is 10.1.1.101, priority 100 (expires in 8.128 sec) 

Priority 150 (configured) 

Weighting 50 (configured 50), thresholds: lower 1, upper 50 
Load balancing: round-robin 
Group members: 

aabb.cc00.6400 (10.1.1.100) local 

aabb.cc00.6500 (10.1.1. 1M*. wo) — 1 

There are 2 forwarders (1 active) 

Forwarder 1 /c~\\ 

State is Active 

1 state change, last state change 00:07:56 
Redirection enabled 

Preemption enabled, min delay 30 sec 
Active is local, weighting 10 
Forwarder 2 

State is Listen 

Redirection enabled, 599.360 sec remaining (maximum 600 sec) 

Time to live: 14399.360 sec (maximum 14400 sec) 

Active is 10.1.1.101 (primary), weighting 30 (expires in 10.432 sec) 


A. All traffic will be sent to the primary router (10.1.1.100). 

B. Traffic will be split equally between the two routers (10.1.1.100 and 10.1.1.101). 

C. Traffic will be split 25% (10.1.1.101) / 75% (10.1.1.100) between the two routers. 

D. Traffic will be split 75% (10.1.1.101) / 25% (10.1.1.100) between the two routers. 

Answer: D 


QUESTION 597 

Refer to the exhibit. A packet from RTD with destination RTG, is reaching RTB. What is the path 
this packet will take from RTB to reach RTG? 
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RTA 




router ospf 1 




network 1.1.1.1 

o 

o 

o 

o 

area 

C 

network 2.2.2.1 

o 

o 

o 

o 

area 

C 

network 4.4.4.1 

o 

o 

o 

o 

area 

1 

network 5.5.5.1 

o 

o 

o 

o 

area 

1 



1.1.1.0/30 


OSPFAREA 0 


1.1.1.4/30 



A. RTB - RTA - RTG 

B. RTB - RTD - RTC - RTA - RTG 

C. RTB - RTF - RTE - RTA - RTG 

D. RTB will not be able to reach RTG since the OSPF configuration is wrong. 

Answer: C 
Explanation: 

NOTE: I strongly suspect this question is wrong. There is no way to find the destination without 
additional information. So this is a wrong question. The exhibit doesn't provide enough 
information to calculate the path of the packet 


QUESTION 598 

Refer to the exhibit. Which path is selected as best path? 


Rl# show ip bgp 10.1.0.1 

BGP routing table entry for 10.1.0.0/16, version 11 
Paths: (2 available, best #?, table Default-IP-Routing-Table) 
Advertised to non peer-group peers: 

2 

65000 

10.168.30.4 (metric 74) from 3.3.3.3 (3.3.3.3) 

Origin IGP, metric 100, localpref 100, valid, internal 
65000 \\ 

10.168.20.4 from 192.168.20.4 (4.4.4.4) 

Origin IGP, metric 200, localpref 100, valid, external 


A. path 1, because it is learned from IGP 

B. path 1, because the metric is the lowest 

C. path 2, because it is external 

D. path 2, because it has the higher router ID 
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Answer: B 
Explanation: 

Metrics is a property of a route in computer networking, consisting of any value used by a routing 
protocol to determine whether one particular route should be chosen over another. The routing 
table stores only the best possible routes, while link-state or topological databases may store all 
other information as well. For example, Routing Information Protocol uses hopcount (number of 
hops) to determine the best possible route. The route will go in the direction of the gateway with 
the lowest metric (default gateway). 


QUESTION 599 

What is the first thing that happens when IPv6 is enabled on an interface on a host? 

A. A router solicitation is sent on that interface. 

B. There is a duplicate address detection on the host interface. 

C. The link local address is assigned on the host interface. 

D. A neighbor redirect message is sent on the host interface. 

Answer: B 
Explanation: 

Duplicate address detection (DAD) is used to verify that an IPv6 home address is unique on the 
LAN before assigning the address to a physical interface (for example, QDIO). 
z/OS Communications Server responds to other nodes doing DAD for IP addresses assigned to 
the interface. 


QUESTION 600 

What is the flooding scope of an OSPFv3 LSA, if the value of the S2 bit is set to 1 and the SI bit 
is set to 0? 

A. link local 

B. area wide 

C. AS wide 

D. reserved 

Answer: C 


QUESTION 601 

Refer to the exhibit. R1 is not learning about the 172.16.10.0 subnet from the BGP neighbor R2 
(209.165.202.130). What can be done so that R1 will learn about this network? 



165.200.224/27 


R1 If show ip route 172.16.0.0 

Routing entry for 172.16.0.0/16 

Known via "bgp 65500", distance 200, metric 0, type internal 
Last update from 209.165.202.130 00:03^15 ago 
Routing Descriptor Blocks: C')-^ ( '\\ 

♦ 209.165.202.130, from U*V 00:03:15 ago 

Route metric 0>^rlrfipLs«are count is 1 

: 5*2ft sheroute 172.16.0.0 

entry for 172.16.0.0/24, 1 known subnets 
Redistributing via eigrp 100, bgp 65500 
Advertised by bgp 65500 

D 172.16.10.0 [90/156160] via 209.165.202.15B, 00:09:19, FastEthernet0/0 
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A. Disable auto-summary on R2. 

B. Configure an explicit network command for the 172.16.10.0 subnet on R2. 

C. Subnet information cannot be passed between IBGP peers. 

D. Disable auto-summary on R1. 

Answer: B 
Explanation: 

By default, BGP does not accept subnets redistributed from IGP. To advertise and carry subnet 
routes in BGP, use an explicit network command or the no auto-summary command. If you 
disable auto-summarization and have not entered a network command, you will not advertise 
network routes for networks with subnet routes unless they contain a summary route. 


QUESTION 602 

Refer to the exhibit. After a link flap in the network, which two EIGRP neighbors will not be 
queried for alternative paths? (Choose two.) 


rl3#show ip eigrp nei det 








IP 

-EIGRP neighbors for process 100 







H 

Address 

Interface 

Hold 

Uptime 

SRTT 

RTO 

Q 

Seq 




(sec) 


(ms) 

Cnt 

Num 

1 

192.168.1.1 

EtO/O 

9999 

00:20:26 

9 

200 

0 

9 


Version 12.4/1.2, Retrans: 0 r Retries: 

0, Prefixes: 1 





4 

192.168.3.7 

EtO/2 

10 

00:21:07 

25 

200 

0 

27 


Version 12.4/1.2, Retrans: 0, Retries: 

0 







Stub Peer Advertising ( 

STATIC ) Routes 







Suppressing queries 








3 

192.168.3.8 

EtO/2 


00:21:26 

26 

200 

0 

25 


Version 12.4/1.2, Retrans: 0, Retries: 








Stub Peer Advertising ( 

SUMMARY ) Routes 







Suppressing queries 








2 

192.168.3.6 

Restart time 00:33:14 

EtO/2 

14 

00:33:41 

16 

200 

0 

19 


Version 12.4/1.2, Retrans: 0, Retries: 

0, Prefixes: 1 





0 

192.168.2.1 

Restart time 00:33:14 

EtO/1 

9999 

' 00:43:06 

17 

200 

0 

6 


Version 12.4/1.2, Retrans: 2, Retries: 

0, Prefixes: 1 





5 

192.168.3.9 

Restart time 00:33:14 

EtO/2 

11 

00:33:41 

16 

200 

0 

19 


Version 12.4/1.2, Retrans: 0, Retries: 

0, Prefixes: 1 






A. 192.168.1.1 

B. 192.168.3.7 

C. 192.168.3.8 

D. 192.168.3.6 

E. 192.168.2.1 

F. 192.168.3.9 

Answer: BC 
Explanation: 

Both 192.168.3.7 & 192.168.3.8 are in an EIGRP Stub area 

The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves 
network stability, reduces resource utilization, and simplifies stub router configuration. Stub 
routing is commonly used in a hub and spoke network topology. In a hub and spoke network, one 
or more end (stub) networks are connected to a remote router (the spoke) that is connected to 
one or more distribution routers (the hub). The remote router is adjacent only to one or more 
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distribution routers. The only route for IP traffic to follow into the remote router is through a 
distribution router. This type of configuration is commonly used in WAN topologies where the 
distribution router is directly connected to a WAN. The distribution router can be connected to 
many more remote routers. Often, the distribution router will be connected to 100 or more remote 
routers. In a hub and spoke topology, the remote router must forward all nonlocal traffic to a 
distribution router, so it becomes unnecessary for the remote router to hold a complete routing 
table. Generally, the distribution router need not send anything more than a default route to the 
remote router. 

When using the EIGRP Stub Routing feature, you need to configure the distribution and remote 
routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes 
are propagated from the remote (stub) router. The router responds to queries for summaries, 
connected routes, redistributed static routes, external routes, and internal routes with the 
message "inaccessible." A router that is configured as a stub will send a special peer information 
packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a 
packet informing it of the stub status will not query the stub router for any routes, and a router that 
has a stub peer will not query that peer. The stub router will depend on the distribution router to 
send the proper updates to all peers. 


QUESTION 603 

Refer to the exhibit. Why is AS 65333 in parentheses? 


BGP table version is 11, local router 

ID is 192.168.3.2 


Status codes 

: s suppressed, d damped, 
r RIB-failure, S Stale 

h history, * valid, > best, i - internal, 

Origin codes 

: i - IGP, e - EGP, ? - incomplete 


Network 

Next Hop A /Z-A'j- 

Metric LocPrf Weight 

Path 

* 172.16.1. 

0/24 172.16.1.1 

0 100 0 

(65333) 62000 ? 

*>i 

JL^l68.2.1 

0 100 0 

62000 ? 


A. It is an external AS. 

B. It is a confederation AS. 

C. It is the AS of a route reflector. 

D. It is our own AS. 

E. A route map has been applied to this route. 

F. The BGP next hop is unreachable. 

Answer: B 
Explanation: 

The AS numbers that are part of the confederation are grouped between parentheses and are 
replaced by the confederation identifier (the real AS number) in nonconfederation eBGP 
sessions.. 


QUESTION 604 

Refer to the exhibit. Which action would make the router the active VRRP router? 
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Router#show vrrp 
EthernetO/O - Group 30 
State is Backup 

Virtual IP address is 10.1.1.30 
Virtual MAC address is 0000.5e00.Olle 
Advertisement interval is 1.000 sec 
Preemption enabled 
Priority is 45 (cfgd 100) 

Track object 1 state Down decrement 55 
Track object 2 state Up decrement 55 
Master Router is 10.1.1.101, priority is 50 
Master Advertisement interval is 1.000 sec 
Master Down interval is 3.414 sec (expires in 2.982 sec) 

Router#show run | inc track 

track 1 interface Seriall/0 line-protocol 

track 2 interface Seriall/1 line-protocol 


A. Recover interface Serial 1/0. 

B. Increase priority in the configuration to 100. 

C. Change the interface tracking priority to 100. 

D. Recover interface Serial 1/1. 

Answer: A 
Explanation: 

As VRRP Group 30 is configured with preemption all that is required is that the VRRP Priority be 
higher than that of the current active VRRP router and the current master router priority is 50. 


QUESTION 605 

Refer to the Exhibit. The displayed QoS configuration has been configured on a router. 

IPv6 is being implemented on the router, and it is required to convert the QoS policy to support 
both IPv4 and IPv6 on the same class. 

Which alternative configuration would allow matching DSCP AF41 for both IPv4 and IPv6 on the 
same class map? 


! 

class-map match-all CLASSl 
match ip dscp af41 

t 


A. Class-map match-all CLASSl 
Match dscp af41 

B. Class-map match-all CLASSl 
Match ip dscp af41 

Match ipv6 dscp af41 

C. Class-map match-any CLASSl 
Match ip dscp af41 

Match ipv6 dscp af41 

D. Class-map match-any CLASSl 
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Match qos-group af41 

Answer: A 


QUESTION 606 

Voice quality is bad due to high delay and jitter on a link. Which two actions will improve the 
quality of voice calls? (Choose two.) 

A. Increase the queue size of the voice class. 

B. Guarantee bandwidth during congestion to the voice class with a bandwidth command. 

C. Increase the tx-ring of the egress interface. 

D. Implement LLQ for the voice class. 

E. Decrease the rx-ring of the egress interface. 

F. Decrease the queue size of the voice class. 

Answer: DF 


QUESTION 607 

Refer to the exhibit. On what will the config class-map VOICE match? 
access-list 101 permit udp any any range 16384 32767 
! 

Class-map match-any VOICE 
Match access-group 101 
Match ip dscp ef 


A. only on UDP traffic between port ranges 16384 and 32767 

B. only on DSCP EF traffic 

C. on UDP traffic between port ranges 16384 and 32767, and on DSCP EF traffic 

D. only on EF traffic that is UDP and within the UDP range of 16384 and 32767 


Answer: C 


QUESTION 608 

Refer to the exhibit. Assuming that the routing protocol for this network is EIGRP, if the link 
between R1 and R3 failed, what would R4 receive from R3? 



R2 


A. R4 would receive an update noting R3's higher cost to reach 172.30.1.0/24. 
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B. R4 would not receive any updates or queries, since R3 would simply move to the path through 
R2. 

C. R4 would receive a query, since R3 would mark 172.30.1.0/24 as active when the link between 
R1 and R4 failed. 

D. R4 would not receive any packets, since R3 is not using the link to R1 to reach 172.30.1.0/24. 

Answer: A 


QUESTION 609 

Which three statements accurately describe a link-state routing protocol? (Choose three.) 

A. Each router sends routing information to all nodes in the flooding domain. 

B. Each router sends all or some portion of its routing table to neighboring routers. 

C. Each router individually builds a picture of the entire flooding domain. 

D. Each router has knowledge of all other routers in the flooding domain. 

E. Each router is only aware of neighboring routers. 

F. Each router installs routes directly from the routing updates into the routing table. 

Answer: ACD 


QUESTION 610 

Refer to the exhibit. What is true about the configuration in this exhibit? 


class-map type inspect match-all cl 
match access-group 101 
match protocol http 
policy-map type inspect pi 
class type inspect cl 
drop 


A. It is an invalid configuration because it includes both an application layer match and and a 
Layer 3 ACL. 

B. It will create a class map that matches the content of ACL 101 and the HTTP protocol, and will 
then create an inspection policy that will drop packets at the class map. 

C. It will create a class map that matches the content of ACL 101 and the HTTP protocol, and will 
then create an inspection policy that will allow packets at the class map. 

D. It will create a class map that matches the content of ACL 101 or the HTTP protocol (depending 
on the zone of the interface), and will then create an inspection policy that will drop packets at the 
class map. 

E. It will create a class map that matches the content of ACL 101 or the HTTP protocol (depending 
on the zone of the interface), and will then create an inspection policy that will allow packets at the 
class map. 

F. It is an invalid configuration because the class map and policy map names must match. 

Answer: B 


QUESTION 611 

Refer to the exhibit. You are trying to police down to 100 Mb/s. While testing, you notice that you 
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rarely exceed 70-80 Mb/s. What do you need to change in your MQC configuration to allow for 
100 Mb/s speeds? 





10.1.2.1/24 

Gi0/2 


10.1.1.1/24 

Gi0/1 


Switch# shQ w_ i[ pqJ(3l5yc5talp) O v 
PolipyVMara 
Glass Glass -default 
tpblice cir lOOOOCOCO be 1250C00 
conform-action transmit 
exceed-action drop 



A. Change the CIR value from 100 Mb/s to 200 Mb/s. 

B. Change the Be value to allow for a large enough burst. 

C. Change the QoS queue from default to priority. 

D. Change the exceed-action to transmit. 

Answer: B 
Explanation: 

Burst size-Also called the Committed Burst (Be) size, it specifies in bits (or bytes) per burst how 
much traffic can be sent within a given unit of time to not create scheduling concerns. (For a 
shaper, such as GTS, it specifies bits per burst; for a policer, such as CAR, it specifies bytes per 
burst.) 


QUESTION 612 

Which feature would prevent guest users from gaining network access by unplugging an IP 
phone 

and connecting a laptop computer? 

A. IPSecVPN 

B. SSL VPN 

C. port security 

D. port security with statically configured MAC addresses 

E. private VLANs 

Answer: D 


QUESTION 613 

After applying a new ACL on a device, its CPU utilization rose significantly and many messages 
starting with "%SEC-6-IPACCESSLOG" appeared on the Syslog server. 

What can be done to resolve this situation? 

A. Increase memory allocation for ACLs. 

B. Remove all entries from the ACL and use a single permit ip any any statement. 
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C. Remove the log keyword from each ACL entry. 

D. Reboot the device after the ACL has been applied. 

Answer: C 


QUESTION 614 

Refer to the exhibit. Clients that are connected to FaO/O of RTA are only allowed to connect to the 
Internet and networks, but not the networks on Fal/0, Fa2/0, Fa3/0 and Fa4/0. To achieve this, 
you have configured an ACL on RTA and applied it on the incoming direction of interface FaO/O. 
After you apply this ACL, you learn that some of these networks are still accessible for clients that 
are connected to the 10.10.10.0/24 network. What is the correct ACL configuration to solve this 
issue? 


Internet 


10.10.20.1/24 10.10.10.1/24 



Fa 1/0 10.1.0.1/24 
Fa2/0 10.1.1 1/24 
Fa3/0 10.1.2.1724 
Fa4/0 10.1.3.1/24 



Incoming Access List. Fa0/0 

access-iist 101 deny ip any 10.1.0.0 0.0.254.255 
access-list 101 permit ip any any 


A. 

B. 

C. 

D. 


access-list 101 deny ip any 10.1.0.0 0.0.1.255 

access-list 101 permit ip any any 

access-list 101 permit ip any 10.1.0.0 0.0.1.255 

access-list 101 deny ip any any 

access-list 101 deny ip any 10.1.0.0 0.0.252.255 

access-list 101 permit ip any any 

access-list 101 deny ip any 10.1.0.0 0.0.3.255 

access-list 101 permit ip any any 


Answer: D 
Explanation: 

Access-lists use a wild card mask which is incorrectly configured in the above example Reference 


QUESTION 615 

You are the network administrator of a medium-sized company, and users are complaining that 
they cannot send emails to some organizations. During your troubleshooting, you notice that your 
DNS MX record is blacklisted by several public blacklist filters. After clearing these listings for 
your IP address, and assuming that your email server has the right virus protection in place, what 
are two possible solutions to prevent this from happening in the future? (Choose two.) 

A. Change your Internet provider. 
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B. Change your public IP address. 

C. Allow the email server to send traffic only to TCP port 25. 

D. Put your email server in a DMZ. 

E. Use a separate public IP address for your email server only. 

Answer: CE 


QUESTION 616 

Refer to the exhibit. What can be done to remove the summary routes to NullO on R3? 


R3#show ip route 

Gateway of last resort is not set 


209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks 
209.165.200.224/27 is directly connected, Serial0/0/0 
209.165.200.0/24 is a summary, 00:01:27, NullO 
209.165.201.0/27 is subnetted, 1 subnets 

209.165.201.0 [90/20514560] via 209.165.200.242, 20:41:09, Serial0/0/0 
209.165.202.0/24 is variably subnetted, 2 subnets, 2 masks 
209.165.202.128/27 is directly connected, FastEthernet0/0 
209.165.202.0/24 is a summary, 00:01:27, NullO 


R3#show ip eigrp neighbors 
IP-EIGRP neighbors for process 


100 


H 

Address 

Interface 

Hold Uptime 
(sec) 

SRTT 

(ms) 

RTO 

Q 

Cnt 

Seq 

Num 

1 

209.165.202.155 

Fa0/0 

10 00:23:31 

1 

200 

0 

7 

0 

209.165.200.242 

Se0/0/0 

158 20:41:25 

211 

1266 

0 

67 


A. Configure the EIGRP routing subcommand no auto-summary on 209.165.202.155. 

B. Configure the EIGRP routing subcommand no auto-summary on 209.165.202.24. 

C. Configure the EIGRP routing subcommand no auto-summary on both 209.165.202.155 and 

209.165.202.242. 

D. Configure the EIGRP routing subcommand no auto-summary on R3. 

Answer: D 
Explanation: 

Disabling automatic summarization will remove the NullO summary route and allow EIGRP to look 
for a supernet or default route when an EIGRP child route does not match a destination packet. 


QUESTION 617 

Refer to the exhibit. R4 is configured as a receive-only EIGRP stub, and is adjacent with 
209.165.202.139 (R3). 

However, R4 is not learning about network 209.165.201.0/27 from R3. What could be the cause 
of this issue? 
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R4#show ip route 


Gateway of last resort is not set 


209.165.202.0/27 is subnetted, 1 subnets 
209.165.202.128 is directly connected, 


R4#show ip eigrp neighbor detail 
IP-EIGRP neighbors for process 100 
H Address Interface 


lULCLLdUC 


Fa s tE the rne 10/0 




0 209.165.202.13^ 

Version 12.4/1.2, Retrans : 0, Retries: 0 
Receive-Only Peer Advertising ( No ) Routes 


Hold Uptime SRTT 
(sec) (ms) 

13 00:00:29 1 


RTO 

Q 

Seq 


Cnt 

Num 

200 

0 

99 


R3#show ip route eigrp 

* 209.165.201.0/27 is subnetted, 1 subnets 

D* 209.165.201.0 [90/20514560] via 209.165.200.242, 00:01:36, Serial0/0/0 


A. R4 should learn this route from 209.165.200.242, and not from R3. 

B. R3 is configured as a receive-only EIGRP stub. 

C. R3 and R4 may be using different EIGRP process numbers. 

D. R3 and R4 are asymmetrically adjacent neighbors. 

Answer: B 
Explanation: 

Configuring EIGRP Stub Routing 

To configure a remote or spoke router for EIGRP stub routing, use the following commands 
beginning in router configuration mode: 



Command 

Purpose 

Step 1 

router(config!| router eigrp as-nurber 

Configures a remote or distribution 
router to run an EIGRP process 

Step 2 

router (config-router) | network neitfori- 
number 

Specifies the network address of 
the EIGRP distribution router. 

Step 3 

router(config-router)| eigrp stub 
[receive-only | connected | static | 
saaavy] 

Configures a remote router as an 
EIGRP stub router 


QUESTION 618 

Refer to the exhibit. What problem does the debug ip ospf event output from R3 indicate? 


*Nov 2 00:47:06.246: OSPF: Rev hello from 209.165.202.140 area 209.165.202.128 from FastEthernet0/0 209.165.202.140 
*Nov 2 00:47:06.246: OSPF: Hello from 209.165.202.140 with mismatched Stub/Transit area option bit 


A. 209.165.202.140 and R3 are not both configured as OSPF stubs. 

B. 209.165.202.140 and R3 are not configured in the same OSPF area. 

C. 209.165.202.140 is configured as a no-summary stub. 

D. Transit area OSPF hello packets are not processed by design. 

Answer: A 
Explanation: 

As you can see that the hello packets are mismatched. This means that 209.165.202.140 and R3 
are not configured as OSPF stubs. 
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QUESTION 619 

Refer to the exhibit. R4 is a remote office router that is running EIGRP; the decision has been 
made to change EIGRP to use static EIGRP adjacencies. However, once the configuration 
change was applied, the adjacency between R4 and 209.165.202.139 (HQ) seems to disappear. 
What could be the cause of this issue? 


Hold Uptime SRTT RTO Q Seq 

(sec) (msl- Cnt Num 

14 00:00:22 200 0 23 

^ f f l M 1 VJ 

R4 (config)#router eigrp 100 

R4(config-router)#neighbor 209.165.202.139 fa0/0 

*Nov 11 02:01:05.354: %DUAL-5-NBRCHANGE: IP-EIGRP(O) 100: Neighbor 209.165.202.139 

R4#show ip eigrp neighbors 
IP-EIGRP neighbors for process 100 


R4#show ip eigrp neighbors 
IP-EIGRP neighbors for process 100 
H Address Interface 

0 209.165.202.139 Fa0/0 


A. Static EIGRP neighbor configuration is symmetric; it causes the interface to stop processing 
inbound multicast packets and stop sending multicast packets. 

B. Static EIGRP neighbors are not displayed with the show ip eigrp neighbors command. 

C. A distance (internal 90 or external 170) must also be configured for the static neighbor. 

D. The neighbor 209.165.202.139 should be changed to run under EIGRP autonomous system 0. 

Answer: A 
Explanation: 

As you can see that static EIGRP neighbor configuration is symmetric. 

This causes the interface to halt processing inbound packets and stop sending multicast packets. 


QUESTION 620 

Which EIGRP packet types are sent as unicast packets? 

A. hello, update, query 

B. query, SIA query, reply 

C. SIA query, reply, ACK 

D. query, SIA query, SIA reply 

Answer: C 


QUESTION 621 

What is a reason for an EIGRP router to send an SIA reply to a peer? 

A. to respond to an SIA query with the alternative path requested 

B. to respond to a query reporting that the prefix has gone stuck-in-active 

C. to respond to an SIA query that the router is still waiting on replies from its peers 

D. to respond to a reply reporting that the prefix has gone stuck-in-active 

Answer: C 
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QUESTION 622 

Refer to the exhibit. Which prefixes will appear in the EIGRP topology table? 


10 . 1 . 1.1 124 


192 . 168 . 1.1 /26 


10 . 1 . 2.1 124 


172 . 16.1 1 /26 



192 . 168 . 2.1 /26 


172 . 16 . 2.1 / 26 


router eigrp 10C 

network 10.0.0.C 

network 172.16.1.0 255.255.255.0 
network 192.168.0.0 255.255.0.0 
no auto-summary 


A. 10.0.0.0/8, 172.16.1.0/24, 192.168.0.0/16 

B. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 192.168.1.0/26, 192.168.2.0/26 

C. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 172.16.2.0/26, 192.168.1.0/26, 192.168.2.0/26 

D. 10.1.1.1/24, 10.1.2.1/24, 172.16.1.1/26, 172, 192.168.1.1/26, 192.168.2.1/26 

Answer: B 

QUESTION 623 

What is the most common use for route tagging in EIGRP? 

A. to determine the route source for management purposes 

B. to change the metric of a prefix 

C. to filter routes in order to prevent routing loops 

D. to modify path selection for certain classes of traffic 

Answer: C 

QUESTION 624 

Refer to the exhibit. Which statement is true? 
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RPlfshow ipv€ mroute 

Multicast Routing Table 

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, 

C - Connected, L - Local, I - Received Source Specific Host Report, 
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, 

J - Join SPT 
Timers: Uptime/Expires 
Interface state: Interface, State 

(*, FF7E:200:2A02:Bill:FC02:1:11FF:11EE), 00:00:35/never, RP 
2A02:Bill:FC02:1::1, flags: SCLJ 
Incoming interface: Null 
RPF nbr: :: 

Immediate Outgoing interface list: 

Ethernet2/0, Forward, 00:00:35/never 


A. The output shows an IPv6 multicast address with link-local scope. 

B. The output shows an IPv6 multicast address that is used for unique local sources only. 

C. The output shows an IPv6 multicast address that can be used for BIDIR-PIM only. 

D. The output shows an IPv6 multicast address with embedded RP. 

Answer: D 

QUESTION 625 

Which two statements about the max-age time in IS-IS are true? (Choose two.) 

A. The IS-IS max-age time is 20 minutes by default. 

B. The IS-IS max-age time is 60 minutes by default. 

C. The IS-IS max-age time increments from zero to max-age. 

D. The IS-IS max-age time decrements from max-age to zero. 

Answer: AD 


QUESTION 626 

Which two statements about the default behavior of IS-IS are true? (Choose two.) 

A. The default IS-IS router type is L1/L2. 

B. The default IS-IS metric type is wide. 

C. The default IS-IS interface circuit type is L1/L2. 

D. By default, two IS-IS routers must use the same hello interval and hold timer in order to become 
neighbors. 

Answer: AC 


QUESTION 627 

Which two statements about BPDU guard are true? (Choose two.) 

A. The global configuration command spanning-tree portfast bpduguard default shuts down 
interfaces that are in the PortFast-operational state when a BPDU is received on that port. 

B. The interface configuration command spanning-tree portfast bpduguard enable shuts down only 
interfaces with PortFast enabled when a BPDU is received. 
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C. BPDU guard can be used to prevent an access port from participating in the spanning tree in the 
service provider environment. 

D. BPDU guard can be used to protect the root port. 

E. BPDU guard can be used to prevent an invalid BPDU from propagating throughout the network. 

Answer: AC 


QUESTION 628 

Which two 802.1 D port states are expected in a stable Layer 2 network? (Choose two.) 

A. forwarding 

B. learning 

C. listening 

D. blocking 

E. disabled 

Answer: AD 


QUESTION 629 

Where must the spanning-tree timers be configured if they are not using the default timers? 

A. They must be on the root bridge. 

B. They must be on any non-root bridge. 

C. Changing the default timers is not allowed. 

D. Timers must be modified manually on each switch. 

Answer: A 


QUESTION 630 

Which three fields are part of a TCN BPDU? (Choose three.) 

A. protocol ID 

B. version 

C. type 

D. max-age 

E. flags 

F. message age 

Answer: ABC 


QUESTION 631 

With Autoinstall, which mechanism allows for automatic addressing of the serial interface using 
HDLC? 

A. ARP 

B. BOOTP 

C. DHCP 

D. SLARP 
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Answer: D 


QUESTION 632 

Which two protocols does the Management Plane Protection feature support? (Choose two.) 

A. ARP 

B. HTTPS 

C. TFTP 

D. OSPF 

Answer: BC 


QUESTION 633 

Refer to the exhibit. Which configuration reduces CPU utilization on R2 while still advertising the 
connected routes of R2 to R1 ? 



A. Configure eigrp stub connected on R2. 

B. Configure eigrp stub receive-only on R1. 

C. Configure eigrp stub static on R2. 

D. Configure eigrp stub summary on R1. 

Answer: A 


QUESTION 634 

Which authentication types does OSPF support? 

A. null and clear text 

B. MD5 only 

C. MD5 and clear text 

D. null, clear text, and MD5 

E. clear text only 

Answer: D 


QUESTION 635 

Which ICMP message type is used to assist path MTU discovery? 
A. destination unreachable 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


255 

















Pass Leader’ 

Leader of IT Certifications 


B. redirect message 

C. source quench 

D. time exceeded 

Answer: A 


QUESTION 636 

A configuration includes the line ip route 10.0.0.0 255.0.0.0 172.16.10.10 permanent. 

Which option is a benefit of configuring this static route as permanent? 

A. It allows the route to be redistributed into the network even if the outgoing interface is down. 

B. It allows the route to be saved in the running configuration of the device. 

C. It places a hidden tag on the route that can be matched on other devices. 

D. It allows the route to have a tracking status even if no tracking object is configured. 

Answer: A 


QUESTION 637 

Refer to the exhibit. Which two statements about the R1 configuration are true? (Choose two.) 


P.l#sh run I i mpls 

mpls ldp session protection 

mpls ldp discovery targeted-hello accept 

no mpls ldp advertise-labels 

mpls ldp advertise-labels for LOOPBACK-ONLY 

no mpls ip propagate-ttl forwarded 

mpls label protocol ldp 


A. The IP TTL value is copied to the MPLS field during label imposition. 

B. The structure of the MLPS network is hidden in a traceroute. 

C. The LDP session interval and hold times are configured for directly connected neighbors. 

D. R1 protects the session for 86400 seconds. 

E. All locally assigned labels are discarded. 

Answer: BD 


QUESTION 638 

Which two statements about IPsec VTI implementation are true? (Choose two.) 

A. The IKE SA can be bound to the VTI and the crypto map. 

B. The transform set can be configured only in tunnel mode. 

C. SVTIs support only a single IPsec SA. 

D. SVTIs support IPv4 packets that carry IPv6 packets. 

Answer: BC 
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QUESTION 639 

Which command sets the maximum segment size for a TCP packet initiated from a router? 

A. ip mtu 

B. ip tcp adjust-mss 

C. ip tcp mss 

D. ip tcp window-size 

Answer: C 


QUESTION 640 

Which circumstance can cause TCP starvation and UDP dominance to occur? 

A. Too few queues are available. 

B. UDP is comprised of smaller packets than TCP. 

C. Retransmitted TCP packets are on the network. 

D. UDP and TCP data are assigned to the same service-provider class. 

Answer: D 


QUESTION 641 

Refer to the exhibit. Which statement about the topology is true? 



A. It provides a transparent LAN service. 

B. It provides only point-to-multipoint connections between UNIs. 

C. It uses port-based connections at the hub. 

D. It provides point-to-point connections between UNIs. 

Answer: D 


QUESTION 642 

Which two statements about reverse ARP are true? (Choose two.) 
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A. Its servers require static mappings. 

B. It works with Autoinstall to configure new devices. 

C. It provides IP addresses for subnet masks. 

D. It provides IP addresses for default gateways. 

E. It requires less maintenance than DHCP. 

Answer: AB 


QUESTION 643 

Refer to the exhibit. This network is configured with PIM, and the RPF check has failed toward 
the multicast source. Which two configuration changes must you make to router R3 to enable the 
RPF check to pass? (Choose two.) 



A. Configure a static multicast route to the multicast source through the tunnel interface. 

B. Configure a static multicast route to the multicast source LAN through the tunnel interface. 

C. Configure a static multicast route to the multicast source LAN through the Ethernet interface. 

D. Remove the command ip prim bidir-enable from the R3 configuration. 

Answer: AB 


QUESTION 644 

In which two situations is an EIGRP hello packet sent as unicast? (Choose two.) 

A. during neighbor discovery 

B. when link costs change 

C. when the neighbor command is used 

D. when an ACK is sent 

Answer: CD 


QUESTION 645 

Which three options are results of the command no mpls ip propagate-ttl? (Choose three.) 
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A. It prevents the TTL from being copied from the IP header to the MPLS header. 

B. It prevents the MPLS hops from being visible to a CE router when you perform a traceroute. 

C. A fixed TTL value of 255 is used for the first label of the IP packet. 

D. It prevents the TTL from being copied from the MPLS header back into the IP header. 

E. MPLS hops remain visible on a CE router when you perform a traceroute. 

F. A fixed TTL value of 1 is used for the first label of the IP packet. 

Answer: ABC 


QUESTION 646 

Which statement about how a CE router is used in an MPLS VPN is true? 

A. It is located on the customer premises, where it peers and exchanges routes with the provider 
edge router. 

B. It is located on the provider premises, where it peers and exchanges routes with the customer 
edge router. 

C. It is located on the customer premises, but it is fully controlled by the provider, which provides a 
full routing table to the customer. 

D. It is located on the provider premises, and it routes only MPLS label traffic. 

Answer: A 


QUESTION 647 

Which three options are three benefits of an MPLS VPN? (Choose three.) 

A. It allows IP address space overlap by maintaining customer routes in a private routing table. 

B. It offers additional security by preventing intrusions directly into the customer routing table. 

C. It offers a transparent virtual network in which all customer sites appear on one LAN. 

D. It offers additional security by allowing only dynamic routing protocols between CE and PE 
routers. 

E. It allows IP address space overlap by maintaining customer routes in the global routing table with 
unique BGP communities. 

F. Providers can send only a default route for Internet access into the customer VPN. 

Answer: ABC 


QUESTION 648 

Into which two pieces of information does the LISP protocol split the device identity? (Choose 
two.) 

A. Routing Locator 

B. Endpoint Identifier 

C. Resource Location 

D. Enterprise Identifier 

E. LISP ID 

F. Device ID 

Answer: AB 
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QUESTION 649 

Which two protocols are used to establish IPv6 connectivity over an MPLS network? (Choose 
two.) 

A. 6PE 

B. 6VPE 

C. RSVP 

D. ISATAP 

E. LDP 

F. IPv6IP 

Answer: AB 


QUESTION 650 

Which three types of traffic are protected when you implement IPsec within an IPv6-in-IPv4 
tunnel? (Choose three.) 

A. IPv6 link-local traffic 

B. IPv6 multicast traffic 

C. IPv6 unicast traffic 

D. IPv4 tunnel control traffic 

E. IPv4 broadcast traffic 

F. IPv6 broadcast traffic 

Answer: ABC 


QUESTION 651 

Which three features does GETVPN support to improve deployment and scalability? (Choose 
three.) 

A. configuration of multiple key servers to work cooperatively 

B. allowing traffic to be discarded until a group member registers successfully 

C. local exceptions in the traffic classification ACL 

D. GDOI protocol configuration between group members and the key server 

E. redundant IPsec tunnels between group members and the key server 

F. redundant multicast replication streaming through the use of a bypass tunnel 

Answer: ABC 


QUESTION 652 

Refer to the exhibit. Which two configuration changes enable you to log in to the router? (Choose 
two.) 
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aaa new-model 

aaa authentication login default group tacacs+ local 
aaa authentication enable default group tacacs+ enable 
aaa authorization console 

aaa authorization exec default group tacacs+ if-authenticated 

aaa authorization commands 1 default group tacacs+ local if-authenticated 

aaa authorization commands 4 default group tacacs+ if-authenticated 

aaa authorization commands 15 default group tacacs+ local if-authenticated 

aaa accounting exec default start-stop group tacacs+ 

aaa accounting commands 1 default start-stop group tacacs+ 

aaa accounting commands 15 default start-stop group tacacs+ 

aaa session-id common 

line con 0 

exec-timeout 120 0 
logging synchronous 
transport input ssh telnet 
password cisco 

line vty 0 4 

exec-timeout 120 0 
logging synchronous 
transport input ssh telnet 
password cisco 


A. Configure a user name and password on the device. 

B. Modify the default login authentication group to use the terminal line password. 

C. Remove the terminal line password on the console line. 

D. Modify the terminal lines to include transport input none. 

E. Configure the terminal lines to use the local user database. 

Answer: AB 


QUESTION 653 

Refer to the exhibit. Which log levels are enabled for the console? 


Rlfshov logging 

Syalog logging: enabled <0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled! 
No Active Message Discriminator. 

No Inactive Message Discriminator. 

Console logging: level informational, 47 messages logged, xml disabled, filtering disabled 
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled 
Buffer logging: level debugging, 47 messages logged, xml disabled, filtering disabled 
Exception Logging: size <8192 bytes) 

Count and timestamp logging messages: disabled 
Persistent logging: disabled 

No active filter modules. 

Trap logging: level informational, 51 message lines logged 
Log Buffer <4096 bytes): 


A. informational only 

B. informational and debugging 
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C. informational, debugging, notifications, warnings, errors, critical, alerts, and emergencies 

D. informational, notifications, warnings, errors, critical, alerts, and emergencies 

Answer: D 


QUESTION 654 

External EIGRP route exchange on routers R1 and R2 was failing because the routers had 
duplicate router IDs. You changed the eigrp router-id command on R1, but the problem persists. 
Which additional action must you take to enable the routers to exchange routes? 

A. Change the corresponding loopback address. 

B. Change the router ID on R2. 

C. Reset the EIGRP neighbor relationship. 

D. Clear the EIGRP process. 

Answer: D 


QUESTION 655 

Which two BGP path attributes are visible in Wireshark? (Choose two.) 

A. weight 

B. AS path 

C. local preference 

D. route maps 

Answer: BC 


QUESTION 656 

Refer to the exhibit. If a Layer 3 switch running OSPF in a VRF-lite configuration reports this 
error, which action can you take to correct the problem? 


%CFIE-7-CFIB_EXCEFTIClI: FIE TCAM exception, Scir.e entries will be software switched 


A. Set mis cef maximum-routes in the global configuration. 

B. Add the vrf-lite capability to the OSPF configuration. 

C. Upgrade the Layer 3 switch to a model that can support more routes. 

D. Configure the control plane with a larger memory allocation to support the Cisco Express 
Forwarding Information Base. 

Answer: A 


QUESTION 657 

Which statement describes the effect of the configuration line redistribute maximum-prefix 1500 
90 withdraw? 

A. After the 1500th route is redistributed, a warning is posted in the log file and 90 more routes are 
redistributed before further routes are discarded. 
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B. After the 1350th route is redistributed, a warning is posted in the log file until the 1500th route is 
redistributed, and then further routes are discarded. 

C. After the 1500th route is redistributed, further routes are discarded only if the CPU is above 90%. 

D. The routing protocol receives 1500 routes. After the routing process has redistributed 90% of the 
routes, the process supernets routes and injects a NULL route to prevent black-hole routing. 

Answer: B 


QUESTION 658 

Which option is a correct match criteria for policy-based routing? 

A. length 

B. interface type 

C. interface 

D. cost 

Answer: A 


QUESTION 659 

Refer to the exhibit. How many LSDBs will router A have? 



Route rAjjf show run 
router ospf 2 

router-id 10.1.1.1 
1o g-adj ac ency-change s 
network 10.14.1.0 0.0.0.3 area 0 
network 10.14.1.4 0.0.0.3 area 2 
network 10.14.2.0 0.0.0.255 area 1 



Area 1 


r-j 

o 

c* 


A. 0 

B. 1 

C. 2 

D. 3 

Answer: D 
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QUESTION 660 

Which EIGRP configuration results in subsecond failover outside of the basic routing protocol 
convergence? 

A. bfd all-interfaces 

B. timers active-time disabled 

C. timers active-time 1 

D. timers nsf route-hold 20 

Answer: A 


QUESTION 661 

Which two options are requirements for Control-Plane Policing? (Choose two.) 

A. Cisco Express Forwarding must be enabled globally. 

B. Cisco Discovery Protocol must be disabled in the control plane. 

C. A crypto policy must be installed. 

D. A loopback address must be configured for device access. 

E. A class map must be configured to identify traffic. 

Answer: AE 


QUESTION 662 

In the DiffServ model, which class represents the highest priority with the lowest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer: C 


QUESTION 663 

Which two statements about GLBP are true? (Choose two.) 

A. Packets are forwarded by multiple routers that share one virtual IP address. 

B. The active router forwards packets received on one virtual IP and MAC address. 

C. The standby router forwards packets when the active router fails. 

D. Hosts on the network are configured with multiple gateways for load balancing. 

E. Routers in a GLBP group can share multiple virtual MAC addresses. 

Answer: AE 


QUESTION 664 

Which trunking configuration between two Cisco switches can cause a security risk? 

A. configuring different native VLANs on the switches 

B. configuring different trunk modes on the switches 

C. configuring mismatched VLANs on the trunk 
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D. disabling DTP on the trunk ports 

E. configuring incorrect channel-groups on the switches 

Answer: A 


QUESTION 665 

Refer to the exhibit. Traffic from CE1 to CE2 is traveling through the core instead of through R1. 
All the PE routers have a similar configuration, and BGP peering and extended-community 
meshing are configured correctly. 


PE11 



PEI 2 


RIP' 




PE21 


PE22 


interface Fas tE the met 1/0 
description to BGP core 
ip address 152.168.1.14 255.255.255.252 
mpls ip 

interface FastEthernetl/1 
description to CE1 
ip vrf forwarding vrflOl 
ip address 172.16.4.1 255.255.255.0 

router rip 
version 2 
no auto-summary 
address-family ipv4 vrf vrflOl 
redistribute bgp 1 metric 1 
network 10.0.0.0 
no auto-summary 
version 2 

exit-address-family 



router bgp 65001 

no synchronization 
bgp log-neighbor-changes 
bgp redistribute-intemal 
no auto-summary 

address-family vpnv4 
exit-address-family 

address-family ipv4 vrf vrflOl 
redistribute rip 
no auto-summary 
no synchronization 
exit-address-family 


Which configuration change routes the traffic through R1 ? 


router rip 

address-family ipv4 vrf vrflOl 

redistribute bgp 1 metric 1 route-map bgp-to-rip 
router bgp 1 

address-familv ipv4 vrf vrflOl 
redistribute rip route-map rip-to-bgp 
route-map bgp-to-rip permit 10 
set tag 24 

route-map rip-to-bgp deny 10 
match tag 24 

route-map rip-to-bgp permit 20 
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B. 

router rip 

address-family ipv4 vrf vrflOl 

redistribute bgp 1 metric 1 route-map rip-to-bgp 
router bgp 1 

address-family ipv4 vrf vrf101 
redistribute rip route-map bgp-to-rip 
route-map bgp-to-rip permit 10 
set tag 24 

route-map rip-to-bgp deny 10 
match tag 24 

route-map rip-to-bgp permit 20 


C. 

router rip 

address-family ipv4 vrf vrflOl 

redistribute bgp 1 metric 1 route-map bgp-to-rip 
router bgp 1 

address-family ipv4 vrf vrflOl 
redistribute rip route-map rip-to-bgp 
route-map bgp-to-rip permit 10 
set tag 24 

route-map rip-to-bgp deny 10 
match tag 24 


D. 

router rip 

address-family ipv4 vrf vrflOl 

Redistribute bgp 1 metric 1 route-map bgp-to-rip 
router bgp 1 

address-family ipv4 vrf ^/rflOl 
redistribute rip route-map rip-to-bgp 
route-map bgp-to-rip permit 10 
set tag 24 

route-map rip-to-bgp permit 10 
match tag 24 

route-map rip-to-bgp deny 20 


Answer: A 


QUESTION 666 

A floating static route appears in the routing table of an interface even when the interface is 
unusable. 

Which action can you take to correct the problem? 

A. Remove the permanent option from the static route. 

B. Correct the administrative distance. 

C. Configure the floating static route to point to another route in the routing table. 

D. Correct the DHCP-provided route on the DHCP server. 

Answer: A 
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QUESTION 667 

Which two statements about redistribution are true? (Choose two.) 

A. EIGRP requires the route to have a default metric defined. 

B. EIGRP and OSPF use their router IDs to prevent loops. 

C. When OSPF is redistributed into IS-IS, the default metric must be configured under the IS-IS 
process. 

D. When traffic is redistributed into OSPF, the subnets command is needed to redistribute classful 
subnets. 

E. The default seed metric for OSPF redistributed routes is 30. 

Answer: AB 


QUESTION 668 

Which LSA type is associated with the default route in a totally stubby area? 

A. interarea-prefix LSA for ABRs (Type 3) 

B. autonomous system external LSA (Type 5) 

C. router LSA (Type 1) 

D. interarea-router LSAs for ASBRs (Type 4) 

Answer: A 


QUESTION 669 

Which statement about NAT64 is true? 

A. NAT64 provides address family translation and translates IPv4 to IPv6 and IPv6 to IPv4. 

B. NAT64 provides address family translation and can translate only IPv6 to IPv4. 

C. NAT64 should be considered as a permanent solution. 

D. NAT64 requires the use of DNS64. 

Answer: A 


QUESTION 670 

Which two statements about BGP loop prevention are true? (Choose two.) 

A. Advertisements from PE routers with per-neighbor SOO configured include a Site of Origin value 
that is equal to the configured value of the BGP peering. 

B. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a 
route it receives, route advertisement is blocked to prevent a route loop. 

C. AS-override aids BGP loop prevention, but alternate loop prevention mechanisms are also 
necessary. 

D. Advertisements from the neighbors a BGP peering include a Site of Origin value that is separate 
from the configured value of the BGP peering. 

E. If the configured Site of Origin value of a BGP peering is greater than the Site of Origin value on a 
route it receives, route advertisement is blocked to prevent a route loop. 

F. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a 
route it receives, route advertisement is permitted. 

Answer: AB 
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QUESTION 671 

Which option is the default point of insertion for the BGP cost community? 

A. before best path calculation 

B. after best path calculation 

C. after the IGP metric comparison 

D. after the router ID comparison 

Answer: C 


QUESTION 672 

Refer to the exhibit. Which BGP feature allows R1 to send R2 a list of prefixes that R2 is 
prevented from advertising to R1 ? 



A. route refresh 

B. Prefix-Based Outbound Route Filtering 

C. distribute lists 

D. prefix lists 

Answer: B 


QUESTION 673 

Refer to the exhibit. Which type of BGP peer is 192.168.1.1? 
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Rl#show ip bgp neighbor 192.168.1.1 

BGP neighbor is 192.168.1.1, remote AS 64496, external link 
BGP version 4, remote router ID 192.168.1.1 
Neighbor under common administration 
BGP state = Established, up for 00:00:10 

Last read 00:00:10, last write 00:00:10, hold time is 180, keep alive interval is 60 seconds 
Neighbor capabilities: 

Route refresh: advertised and received(old s new) 

Address family IPv4 Unica3t: advertised and received 


Message statistics: 

InQ depth is 0 
OutQ depth is 0 

Sent Rcvd 

Opens: 1 1 

Notifications: 0 0 

Updates: 0 0 

Keepalives: 1 1 

Route Refresh: 0 0 

Total: 2 2 


Default minimum time between advertisement runs is 30 seconds 


A. route reflector client 

B. iBGP 

C. confederation 

D. VPNv4 

Answer: C 


QUESTION 674 

Which option describes what the default RT filter indicates when you implement the BGP RT 
constrained route distribution feature? 

A. A peer receives only a default route for each VRF. 

B. A peer receives all routes, regardless of the RT value. 

C. A peer receives routes only for RTs that are used on that router. 

D. A peer receives no routes, regardless of the RT value. 

Answer: B 


QUESTION 675 

Refer to the exhibit. Which BGP feature is being used? 


RT: del 10.2.2.2/32 via 192.168.1.2, C3pf metric [110/2] 

RT: delete subnet route tc 10.2.2.2/32 
RT: NET-RED 10.2.2.2/32 

RT: Try lockup less specific 10.2.2.2/32, default 1 
RT: Failed found subnet on less specific 
RT: return NULL 

%BGP-5-ADJCHAN3E: neighbor 10.2.2.2 Down Route to peer lost 


A. fast session deactivation 

B. graceful restart 
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C. PIC 

D. graceful shutdown 

Answer: A 


QUESTION 676 

Refer to the exhibit. Which two issues can cause the interface VLAN10 to be down/down? 
(Choose two.) 


SWl# show interface I include VlanlO is 
interface VlaniO is down, line protocol is down 


A. The VLAN is inactive or has been removed from the VLAN database. 

B. STP is in a forwarding state on the port. 

C. A Layer 2 access port is configured with VLANIO, but is in a down/down state. 

D. The autostate exclude feature was used on interface VLANIO. 

Answer: AC 


QUESTION 677 

Refer to the exhibit. Which two statements about this configuration are true? (Choose two.) 



FaO/22 


FaO/21 



SWl 

vlan 10 
vlan 200 

interface vlan 10 

ip address 172.25.1.1 255.255.255.0 
interface fal/0/21 

svitchport trunk encapsulation dotlq 

svitchport mode trunk 

svitchport trunk alloved vlan add 200 

interface fal/0/22 

svitchport trunk encapsulation dotlq 

svitchport mode trunk 

svitchport trunk alloved vlan add 200 


SW2 

vlan 10 
vlan 200 

interface vlan 10 

ip address 172.25.1.2 255.255.255.0 
interface fal/0/21 

svitchport trunk encapsulation dotlq 
svitchport mode trunk 

svitchport trunk alloved vlan add 200, 10 
interface fal/0/22 

svitchport trunk encapsulation dotlq 
svitchport mode trunk 

svitchport trunk alloved vlan add 200, 10 


A. Pings from SW2 to SWl fail because SWl is pruning VLAN 10. 

B. VLANs 10 and 200 are added to the SW2 allowed list on interface faO/22. 

C. Pings from SW2 to SWl are successful. 

D. Only VLAN 200 is added to the SWl allowed list on interface faO/22. 
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Answer: BC 


QUESTION 678 

Refer to the exhibit. Which two conditions can cause this error message to be displayed on the 
console? (Choose two.) 


H PM-4-EPPv_DISABLE: channel-misconfig error detected on Pol, putting faO/12 in err-disable state 


A. The EtherChannel is configured as desirable on both ends. 

B. The port-channel on the adjacent device is misconfigured. 

C. There is a speed and duplex mismatch on interface faO/12. 

D. The EtherChannel is configured as auto on one of the interfaces. 

Answer: BC 


QUESTION 679 

Which three statements about RIPng are true? (Choose three.) 

A. It supports route tags. 

B. It sends updates on FF02::9. 

C. Its RTE last byte is OXFF. 

D. It supports authentication. 

E. It sends updates on UDP port 520. 

F. It can be used on networks of greater than 15 hops. 

Answer: ABC 


QUESTION 680 

Which option is the result if two adjacent routers are configured for OSPF with different process 
IDs? 

A. The routers are unable to establish an adjacency. 

B. The routers establish an adjacency, but route exchange fails. 

C. The routers establish an adjacency and exchange routes, but the routes are unreachable. 

D. The routers establish an adjacency and exchange routes, and the routes are reachable. 

Answer: D 


QUESTION 681 

Which two commands enable OSPF graceful shutdown? (Choose two.) 

A. nsf cisco 

B. ip ospf shutdown 

C. shutdown 

D. nsf ietf helper disable 
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Answer: BC 


QUESTION 682 

Which object tracking function tracks the combined states of multiple objects? 

A. application 

B. interface 

C. stub-object 

D. list 

Answer: D 


QUESTION 683 

Which two options are EEM policies? (Choose two.) 

A. applets 

B. event detectors 

C. scripts 

D. syslogs 

E. actions 

Answer: AC 


QUESTION 684 

Which two metrics are measured with active probes when PfR voice traffic optimization is in use? 
(Choose two.) 

A. MOS 

B. cost 

C. jitter 

D. bandwidth 

Answer: AC 


QUESTION 685 

Which statement about NAT64 is true? 

A. It uses one-to-one mapping between IPv6 addresses and IPv4 addresses. 

B. It requires static address mapping between IPv6 addresses and IPv4 addresses. 

C. It can be used to translate an IPv6 network to another IPv6 network. 

D. It can be configured for stateless and stateful translation. 

Answer: D 


QUESTION 686 

Which three statements about the differences between Cisco IOS and IOS-XE functionality are 
true? (Choose three.) 
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A. Only IOS-XE Software can host applications outside of the IOS context. 

B. Only the IOS-XE Services Plane has multiple cores. 

C. Only the IOS-XE Data Plane has multiple cores. 

D. Only the IOS-XE Control Plane has multiple cores. 

E. Only IOS-XE module management integrates with packet processing. 

F. Only IOS-XE configuration and control is integrated with the kernel. 

Answer: ABC 


QUESTION 687 

While troubleshooting an issue for a remote user, you must capture the communication between 

the user's computer and a server at your location. The traffic passes through a Cisco IOS-XE 

capable switch. Which statement about obtaining the capture is true? 

A. The Embedded Packet Capture application in the IOS-XE Software can capture the packets, but 
there is a performance impact. 

B. The Embedded Packet Capture application in the IOS-XE Software can capture the packets 
without impacting performance. 

C. The Mini Protocol Analyzer embedded in the IOS-XE Software can capture the packets without 
impacting performance. 

D. The Mini Protocol Analyzer embedded in the IOS-XE Software can be used to capture the 
packets, but there is a performance impact. 

E. Wireshark can capture packets through a SPAN port, but there is a performance impact. 

Answer: A 


QUESTION 688 

Which two actions can you take to recover an interface in a errdisable state? (Choose two.) 

A. Enable UDLD on the switch. 

B. Enable errdisable recovery on the switch. 

C. Execute the shutdown command on the interface, followed by the no shutdown command. 

D. Remove the related commands from the configuration and reenter them. 

E. Enable loop guard on the switch. 

Answer: BC 


QUESTION 689 

Which three protocols support SSM? (Choose three.) 

A. IGMPv2 

B. IGMPv3 

C. IGMP v3lite 

D. URD 

E. CGMP 

F. IGMPvl 

Answer: BCD 
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QUESTION 690 

Which additional feature must be enabled on a switch to allow PIM snooping to function 
correctly? 

A. IGMP snooping 

B. port security 

C. storm control 

D. dynamic ARP inspection 

Answer: A 


QUESTION 691 

Which protocol uses a proprietary 2-byte Type field for multiple protocol support? 

A. HDLC 

B. PPP 

C. CHAP 

D. PAP 

Answer: A 


QUESTION 692 

Refer to the exhibit. Which command can you enter to resolve this error message on a peer 
router? 


CHAP: Unable zc validate Response. Username <username> not found. 


A. username <username> password <password> 

B. ppp chap <hostname> 

C. aaa authorization exec if-authenticated 

D. aaa authorization network if-authenticated 

Answer: A 


QUESTION 693 

Refer to the exhibit. R2 is configured as the R1 neighbor in area 51, but R2 fails to receive the 
configured summary route. Which action can you take to correct the problem? 
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R1 

interface LoopbackO 

ip address 10.1.1.1 255.255.255.0 
ip ospf 1 area 0 
ip ospf network pcint-tc-pcint 
interface SigabitEthernetO/O 

ip address 192.165.252.1 255.255.255.252 
ip C3p f 1 ares 0 
interface SigabitEthernetl/Q 

ip address 172.16.252.1 255.255.255.252 
ip ospf 1 area 51 
router ospf 1 

router-id 10.1.1.1 

summary-address 192.168.0.0 255.255.0.0 


A. Replace the summary-address command with the area-range command. 

B. Configure a summary address under R1 interface GigabitEthernet0/0. 

C. Configure a summary address under R1 interface GigabitEthernetl/0. 

D. Configure the no discard-route command in the OSPF process of R1. 

E. Configure ip ospf network broadcast under the LoopbackO interface of R1. 

Answer: A 


QUESTION 694 

Which two descriptions of the keying mechanisms that are used to distribute the session keys 
used in routing authentication are true? (Choose two.) 

A. Peer keying creates a unique one-to-one relationship with another peer. 

B. Group keying creates a single keying message to multiple peers. 

C. Peer keying creates a single keying message to multiple peers. 

D. Group keying creates a unique one-to-one relationship with another peer. 

E. Group keying creates a full mesh of keying sessions to all devices. 

F. Peer keying creates a full mesh of keying sessions to all devices. 

Answer: AB 


QUESTION 695 

How many address families can a single OSPFv3 instance support? 

A. 1 

B. 2 

C. 5 

D. 10 

Answer: A 


QUESTION 696 

Which two conditions must be met by default to implement the BGP multipath feature? (Choose 
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two.) 

A. The next-hop routers must be the same. 

B. Route reflectors must be enabled. 

C. All attributes must have the same values. 

D. MPLS must be enabled. 

E. The next-hop routers must be different. 

Answer: CE 


QUESTION 697 

Which two statements about LDP advertising when Explicit Null is in effect are true? (Choose 
two.) 

A. Penultimate hop popping is disabled. 

B. Penultimate hop popping is enabled. 

C. It is the default behavior for LDP. 

D. It is used for the advertisement of static routes. 

E. It is used for the advertisement of connected routes. 

Answer: AE 


QUESTION 698 

You are configuring a DMVPN hub to perform CBWFQ on a per-spoke basis. Which information 
is used to identify the spoke? 

A. the NHRP network ID 

B. the spoke tunnel source IP 

C. the spoke tunnel interface IP address 

D. the NHRP group 

Answer: D 


QUESTION 699 

Which option is true about output policing for the control plane? 

A. It improves router performance by limiting traffic sent to the control plane. 

B. It improves router performance by limiting traffic sent from the control plane. 

C. It improves router performance by limiting traffic sent to and from the control plane. 

D. It controls traffic originated from the router. 

Answer: D 


QUESTION 700 

Which two types of traffic are blocked when the storm control threshold for multicast traffic is 
reached on a port? (Choose two.) 

A. BPDU 

B. OSPF 
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C. CDP 

D. IS-IS 

E. LLDP 

Answer: BD 


QUESTION 701 

Which two options are contained in the MSG part of a syslog message? (Choose two.) 

A. TAG field 

B. CONTENT field 

C. three-digit priority value 

D. IP address of the sending device 

E. TLS port number 

Answer: AB 


QUESTION 702 

Which two values are needed to configure NTP authentication? (Choose two.) 

A. the encryption method 

B. the key number 

C. the burst mode 

D. the key string 

E. the Diffie-Hellman group 

Answer: BD 


QUESTION 703 

You are configuring a DHCPv6 client for a DHCPv6 server with the prefix delegation feature. 

Which option is a result of the interface configuration when you enter the command ipv6 address 
autoconfig default? 

A. a static IPv6 default route pointing to the upstream DHCP server 

B. a static IPv6 default route pointing to the upstream DHCP relay 

C. a static IPv6 default route pointing to the upstream router 

D. a temporary stateless address, formed from the EUI-64 bit address and the prefix from the route 

advertisement of the upstream router 

Answer: A 


QUESTION 704 

Refer to the exhibit. You are bringing a new MPLS router online and have configured only what is 
shown to bring LDP up. Assume that the peer has been configured in a similar manner. 

You verify the LDP peer state and see that there are no neighbors. 

What will the output of show mpls Idp discovery show? 
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interface LoopbacJc25 
ip address 25.25.25.1 255.255.255.255 

i 

interface Ethernet0 /j 
ip address ISC.168.12.1 255.255.255.252 
mpls ip 


A. Interfaces: 

Ethernet0/0 (Idp): xmit 

B. Interfaces: 

EthernetO/O (Idp): xmit/recv 

LDP Id: 25.25.25.2:0; IP addr: 192.168.12.2 

C. Interfaces: 

EthernetO/O (Idp): xmit/recv 
LDP Id: 192.168.12.2:0; no route 

D. Interfaces: 

EthernetO/O (Idp): xmit/recv 
LDP Id: 25.25.25.2:0; no route 

Answer: D 


QUESTION 705 

Which three features are common to OSPF and IS-IS? (Choose three.) 

A. They both maintain a link-state database from which a Dijkstra-based SPF algorithm computes 
shortest path tree. 

B. They both use DR and BDR in the broadcast network. 

C. They both use hello packets to form and maintain adjacencies. 

D. They both use NSSA and stub type areas to scale the network design. 

E. They both have areas to form a two-level hierarchical topology. 

Answer: ACE 


QUESTION 706 

Refer to the exhibit. Which two commands are required on R3 in order for MPLS to function? 
(Choose two.) 
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LoopbackO 

3.3.3.3/32 


LoopbackO FaO/O LoopbackO 

2.2.2.2/32 p 1 \ 4.4.4.4/32 



OSPF 

MPLS 


FaO/O FaO/O 
10.1.45.0/24 


LoopbackO 



CE 


A. mpls ip 

B. ip cef 

C. mpls label protocol tdp 

D. mpls ip propagate-ttl 

Answer: AB 


QUESTION 707 

Which two statements about the assert process in LAN-based PIM are true? (Choose two.) 

A. If the metrics are the same, the router with the lowest advertised routing protocol metric for that 
route is elected. 

B. If the metrics are the same, the router with the highest IP address on the LAN is elected. 

C. If the metrics are the same, the router with the highest advertised routing protocol metric for that 
route is elected. 

D. If the metrics are the same, the router with the lowest IP address on the LAN is elected. 

Answer: AB 


QUESTION 708 

Which two options are the two underlying protocols on which a DMVPN relies? (Choose two.) 

A. IPsec 

B. NHRP 

C. GDOI 

D. ISAKMP 

E. SSL 

F. NLRI 

Answer: AB 
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QUESTION 709 

Which three parameters must match to establish OSPF neighbor adjacency? (Choose three.) 

A. the process ID 

B. the hello interval 

C. the subnet mask 

D. authentication 

E. the router ID 

F. the OSPF interface priority 

Answer: BCD 


QUESTION 710 

Which IP SLA operation type uses IP to measure the round-trip time between a router and a 
device? 

A. HTTP 

B. ICMP Echo 

C. ICMP Path Jitter 

D. UDP Jitter for VoIP 

Answer: B 


QUESTION 711 

What are two reasons to use the ip ospf database filter all out command? (Choose two.) 

A. to maintain a centralized OSPF database on a single master device 

B. to avoid flooding LSAs on low-speed links 

C. to ensure a consistent OSPF database across the network 

D. to selectively filter OSPF routes without disrupting the SPF algorithm 

E. to filter only type 7 LSAs from an OSPF area 

F. to enable OSPF to send triggered updates 

Answer: AB 


QUESTION 712 

On a broadcast interface, which two OSPF states support BFD sessions? (Choose two.) 

A. DR 

B. BDR 

C. DROTHER 

D. 2WAY 

E. FULL 

F. ACTIVE 

Answer: AB 


QUESTION 713 
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Which two statements about BGP best-path selection are true? (Choose two.) 

A. The route with the highest local preference is preferred. 

B. The weight attribute is advertised to peers. 

C. The route with the lowest MED is preferred. 

D. A route that originates from iBGP peers is preferred. 

E. A route that originates from a router with a higher BGP router ID is preferred. 

F. The lowest weight advertised is preferred. 

Answer: AC 


QUESTION 714 

The no ip unreachables command is configured on interfaces to protect the control plane of a 
router. 

Which mechanism is impacted by using this command? 

A. ICMP redirects 

B. path MTU discovery 

C. source routing 

D. ICMP router discovery protocol 

Answer: B 


QUESTION 715 

Refer to the exhibit. The customer wants to use IP SLA to create a failover to ISP2 when both 
Ethernet connections to ISP1 are down. The customer also requires that both connections to 
ISP1 are utilized during normal operations. 



Which IP route configuration accomplishes these requirements for the customer? 


A. 


B. 


C. 


D. 


ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3 
ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 4 100 
ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3 100 
ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 1 
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 2 
ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3 3 
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Answer: C 


QUESTION 716 

Which statement describes what it means if a router has an OSPF priority set to 0? 

A. A router with the OSPF priority set to 0 is one that can participate in the election of a DR. It has 
the highest priority. 

B. A router with the OSPF priority set to 0 is one that cannot participate in the election of a DR, but it 
can become a BDR 

C. A router with the OSPF priority set to 0 is one that cannot participate in the election of a DR. It 
can become neither a DR nor a BDR. 

D. A router with the OSPF priority set to 0 is one that cannot participate in the election of a BDR, but 
it can become a DR 

Answer: C 


QUESTION 717 

What is the maximum number of classes that MQC can support in a single policy map? 

A. 512 

B. 256 

C. 128 

D. 64 

Answer: B 


QUESTION 718 

Drag and Drop Question 

Drag each IPv6 extension header on the left to its corresponding description on the right. 


AH 


Specifies the path for a datagram. 



Destination 


Carries encrypted data. 



ESP 


Specifies the parameters used to split datagrams. 



Fragment 


Carries authentication information. 



Hop-by-Hop 


Specifies options to be examined only at the final 
device. 



Routing 


Specifies options to be examined by all devices. 


Answer: 
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AH 

Routing 



Destination 


ESP 



ESP 


Fragment 



Fragment 


AH 



Hop-by-Hop 

Destination 



Routing 


Hop-by-Hop 

QUESTION 719 

Drag and Drop Question 

Drag each traceroute text character on the left to its meaning on the right. 

* 


The port is unreachable. 



? 


The probe timed out. 



A 


The protocol is unreachable. 



P 


Unknown packet type. 



Q 


The destination is too busy. 



u 


Prohibited. 

Answer: 
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* 


U 



? 

* 



A 1 

P 



p 


? 



Q 

Q 



u 

A 

QUESTION 720 

Drag and Drop Question 

Drag and drop each IPv6 neighbor discovery message type on the left to the corresponding 
description on the right. 

neighbor redirect 


The message a node uses to share its link-layer 
address 



router solicitation 


The message a node uses to notify hosts on the 
link of a better first-hop for a destination 



router advertisement 


The message a node uses to discover the link-local 
addresses of other nodes on the link 



neighbor advertisement 


The message a node uses to share information 
about its status and its local prefixes 



neighbor solicitation 


The message a host sends when it starts up, 
requesting local routers to transmit information 

Answer: 
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neighbor redirect 

neighbor advertisement 



router solicitation 

neighbor redirect 



router advertisement 


neighbor solicitation 



neighbor advertisement 


router advertisement 



neighbor solicitation 


router solicitation 


QUESTION 721 

Drag and Drop Question 

Drag and drop each BGP feature on the left to the corresponding function it performs on the right. 


peer session templates 


Applies configuration commands to a group of 
neighbors 



peer policy templates 


Separates updates from configurations, allowing 
groups to 



peer groups 


Supports the configuration of a group of neighbors 
by defining 



BGP Dynamic Update Peer-Groups 


Applies configuration commands to a group of 
neighbors 



BGP dynamic neighbors 


Creates a group of neighbors in the same address 
family that 


Answer: 


peer session templates 


peer session templates 



peer policy templates 


BGP Dynamic Update Peer-Groups 



peer groups 

BGP dynamic neighbors 



BGP Dynamic Update Peer-Groups 


peer policy templates 



BGP dynamic neighbors 


peer groups 
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QUESTION 722 

Drag and Drop Question 

Drag and drop each DHCP term on the left to the corresponding definition on the right. 


client identifier 


The mapping of a MAC address and an IP address. 



address binding 


An address reserved for use by devices with static IP 
addresses. 



excluded address 


The value used to forward DHCP requests to remote 

servers. 



DHCP pool 


The hexadecimal value assigned to a host. 



ip helper-address 


A group of dynamic addresses. 

Answer: 


client identifier 


address binding 



address binding 


excluded address 



excluded address 


ip helper-address 



DHCP pool 


client identifier 



ip helper-address 


DHCP pool 


QUESTION 723 

Drag and Drop Question 

Drag and drop each step of the Unicast RPF process on the left into the correct order on the right. 
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Unicast RPF performs a CEF table lookup for packet 
forwarding. 


1 



Unicast RPF performs a reverse lookup of the return 
path in 


2 



The packet is received on the interface. 


3 



The output ACL is checked on the forwarding 
interface. 


4 



The packet is forwarded. 


5 



The packet is checked against the inbound ACL. 


6 

Answer: 


:Unicast RPF performs a CEF table lookup for packet 
forwarding. 


The packet is received on the interface. 



Unicast RPF performs a reverse bokup of the return 
_oathin_ 


The packet is checked against the inbound ACL. 



The packet is received on the interface. 


Unicast RPF performs a reverse lookup of the return 
path in 



The output ACL is checked on the forwarding 
interface. 


Unicast RPF performs a CEF table lookup for packet 
forwarding. 



The packet is forwarded. 


The output ACL is checked on the forwarding 
interface. 



The packet is checked against the inbound ACL. 


The packet is forwarded. 


QUESTION 724 

Drag and Drop Question 

Drag and drop the SNMP element on the left to the corresponding definition on the right. 
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Get 


an inquiry for a MIB-leaf variable 



GetNext 


a reply to a request 



GetBulk 


a router request for a single variable's value 



Response 


a single inquiry for multiple, consecutive MIB variables 

Answer: 


Get 

GetNext 



GetNext 


Response 



GetBulk 


Get 



Response 


GetBulk 

QUESTION 725 

Drag and Drop Question 

Drag and drop each PHB on the left to the functionality it performs on the right. 

Default 


Provides low-latency, low-loss, low-jitter, and assured 
handwidth service. 



Expedited Forwarding 


Provides backward compatibility with IP-precedence. 



Assured Forwarding 


Assigns best effort service to the packet. 



Class Selector 


Defines classes for traffic allocation 

Answer: 
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Default 


Expedited Forwarding 



Expedited Forwarding 


Class Selector 



Assured Forwarding 


Default 

Class Selector 


Assured Forwarding 


QUESTION 726 

Drag and Drop Question 

Drag and drop each policy command on the left to the function it performs on the right. 


bandwidth 


Enables CBWFQ. 



random-detect 


Configures the queuing of excess traffic for later 
transmission. 



service-policy 


Configures the dropping of excess traffic when a 
maximum rate 



police 


Enables WFQ. 



shape 


Enables a traffic policy on an interface. 



fair-queue 


Enabled WRED or DWRED. 


Answer: 
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QUESTION 727 

Which topology allows the split-horizon rule to be safely disabled when using EIGRP? 

A. full mesh 

B. partial mesh 

C. hub and spoke 

D. ring 

Answer: C 


QUESTION 728 

Which two statements about VPLS are true? (Choose two.) 

A. Split horizon is used on PE devices to prevent loops. 

B. Spanning tree is extended from CE to CE. 

C. IP is used to switch Ethernet frames between sites. 

D. PE routers dynamically associate to peers. 

E. VPLS extends a Layer 2 broadcast domain. 

Answer: AE 


QUESTION 729 

Which two statements about redistribution are true? (Choose two.) 

A. When BGP traffic is redistributed into OSPF, the metric is set to 1 unless the metric is defined. 

B. When EIGRP routes on a CE are redistributed through a PE into BGP, the Cost Community POI 
is set automatically. 

C. When OSPF traffic is redistributed into BGP, internal and external routes are redistributed. 

D. When BGP traffic is redistributed into OSPF, eBGP and iBGP routes are advertised. 

E. iBGP routes automatically redistribute into the IGP if the routes are in the routing table. 

F. When EIGRP traffic is redistributed into BGP, a default metric is required. 
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Answer: AB 


QUESTION 730 

Refer to the exhibit. The two standalone chassis are unable to convert into a VSS. What can you 
do to correct the problem? 



S2 



si# 

redundancy 
mode sso 

switch virtual domain 200 
switch 1 

interface port-channel 200 
switch virtual link 1 
no shutdown 

interface range TenGigabitE the met 3/1-2 
channel-group 200 mode on 
no shutdown 


S2# 

redundancy 
mode sso 

switch virtual domain 200 
switch 2 

interface port-channel 200 
switch virtual link 2 
no shutdown 

interface range TenGigabitEthemet3/1-2 
channel-group 200 mode on 
no shutdown 


A. Set a different port channel number on each chassis. 

B. Set a different virtual domain ID on each chassis. 

C. Set the redundancy mode to rpr on both chassis. 

D. Add two ports to the port channel group. 

Answer: A 


QUESTION 731 

Drag and Drop Question 

Drag and drop each MLPPP command on the left to the function it performs on the right. 
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ppp phc max-period 


Configures settings for CoS negotiations with a peer. 



ppp Icp predictive 


Sets the LCP state to reduce negotiation times. 



ppp microcode 


Sets a trigger condition for LCP renegotiation on an 
LNS. 



ppp mm match 


Limits the number of compressed packets that the 
device sends before the header. 



ppp muMnk multiclass local 


Sets the reorder buffer size. 



ppp multink sippage 


Configures PPP framing on asynchronous interfaces. 

Answer: 


ppp iphc max-period 


ppp multilink multiclass local 



ppp Icp predictive 


ppp Icp predictive 



ppp microcode 

ppp mru match 



ppp mru match 


ppp iphc max-period 



ppp multilink multiclass local 


ppp multilink slippage 



ppp multilink slippage 


ppp microcode 


QUESTION 732 

Which three address family types does EIGRP support? (Choose three.) 


A. IPv4 unicast 

B. IPv4 multicast 

C. IPv6 unicast 

D. IPv6 multicast 

E. IPv4 anycast 

F. IPv6 anycast 

Answer: ABC 


QUESTION 733 
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Which two values must be identical to allow IS-IS devices to become neighbors? (Choose two.) 

A. interface MTU 

B. authentication key 

C. IP MTU 

D. CLNS address 

E. NSEL 

F. area ID 

Answer: AB 


QUESTION 734 

Which Layer 2 tunneling technique eliminates the need for pseudowires? 

A. OTV 

B. L2TPv3 

C. AToM 

D. VPLS 

Answer: A 


QUESTION 735 

Which two application protocols require application layer gateway support when using NAT on a 
Cisco router? (Choose two.) 

A. SIP 

B. HTTP 

C. FTP 

D. SMTP 

E. POP3 

Answer: AC 


QUESTION 736 

Which three options must be configured when deploying OSPFv3 for authentication? (Choose 
three.) 

A. security parameter index 

B. crypto map 

C. authentication method 

D. IPsec peer 

E. encryption algorithm 

F. encryption key 

G. IPsec transform-set 

H. authentication key 

Answer: ACH 
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QUESTION 737 

Which two statements about IOS and IOS XE are true? (Choose two.) 

A. IOS XE can upgrade and restart applications independently of IOS. 

B. Only IOS uses the FFM to provide separation between the control plane and the data plane. 

C. IOS XE provides improved functionality and an enhanced Ul. 

D. Only IOS runs as a single daemon within the Linux OS. 

E. IOS XE provides additional system functions that run as multiple separate processes in the OS. 

Answer: AE 


QUESTION 738 

An NSSA area has two ABRs connected to Area 0. Which statement is true? 

A. Both ABRs translate Type-7 LSAs to Type-5 LSAs. 

B. The ABR with the highest router ID translates Type-7 LSAs to Type-5 LSAs. 

C. Both ABRs forward Type-5 LSAs from the NSSA area to backbone area. 

D. No LSA translation is needed. 

Answer: B 


QUESTION 739 

Which two options are requirements to implement 6VPE? (Choose two.) 

A. MPLS between PEs 

B. 6-in-4 tunnels between PEs 

C. MP-BGP VPNv6 exchange 

D. MP-BGP IPv6+label exchange 

E. Any Transport over MPLS 

F. IPv4/IPv6 dual-stack in core 

Answer: AC 


QUESTION 740 

Refer to the exhibit. All routers are running EIGRP and the network has converged. R3 and R4 
are configured as EIGRP Stub, if the link between R1 and R3 goes down, which statement is 
true? 
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EIGRP 


R3 

(Stub) 



192.168.0.0/24 


R4 

(Stub) 


A. R1 sends traffic destined to 192.168.0.100 via R2. 

B. R2 does not have a route to 192.168.0.0/24 in the routing table. 

C. The prefix 192.168.0.0/24 becomes stuck-in-active on R4. 

D. R3 does not advertise 192.168.0.0/24 to R4 anymore. 

Answer: B 


QUESTION 741 

Which three options are characteristics of a Type 10 LSA? (Choose three.) 

A. It is an area-local, opaque LSA. 

B. Data is flooded to all routers in the LSA scope. 

C. It is used for traffic-engineering extensions to OSPF. 

D. It is a link-local, opaque LSA. 

E. Data is flooded only to the routers in the LSA scope that understand the data. 

F. It is used for traffic-engineering extensions to LDP. 

Answer: ABC 


QUESTION 742 

Drag and Drop Question 

Drag each SNMP term on the left to the matching definition on the right. 
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Agent 


An operation that retrieves object variables. 



Get 


An operation that retrieves unsolicited information 
from an aqent. 



Manager 


A system that monitors and controls the activities of 
network hosts. 



MIB 


An operation that modifies object variables. 



Notification 


A software component that mantams and reports 
data. 



Set 


A virtual storage area for managed objects. 


Answer: 


Agent 


Get 



Get 

Notification 



Manager 


Manager 



MIB 


Set 



Notification 


Agent 

Set 


MIB 


QUESTION 743 

Refer to the exhibit. Which two statements about this capture are true? (Choose two.) 


Rifshow monitor capture status 

Load Cor five secs: 0%/Q\; one minute: 0\; five minutes: 0% 


capture state : ON 

[running for 00:03:26.860] 


capture mode 
Number of packets 
captured 
dropped 
received 


Circular [wrap count = 0 ] 

201 

0 

S51 


Capture will stop after 00:01:33 
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A. It is set to run for five minutes. 

B. It continues to capture data after the buffer is full. 

C. It is set to run for a period of 00:03:26. 

D. It captures data only until the buffer is full. 

E. It is set to use the default buffer type. 

Answer: AB 


QUESTION 744 

Drag and Drop Question 

Drag each AF class on the left to its matching DSCP binary value on the right. 



Answer: 





QUESTION 745 

Which three types of address-family configurations are supported in EIGRP named mode? 
(Choose three.) 

A. address-family ipv4 unicast 

B. address-family vpnv4 
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C. address-family ipv6 unicast 

D. address-family ipv6 multicast 

E. address-family vpnv6 

F. address-family ipv4 multicast 

Answer: ACF 


QUESTION 746 

Refer to the exhibit. Which three statements about the device with this configuration are true? 
(Choose three.) 


»TCP-6-BADAOTH: Invalid MBS digest from 172.16.129.4(179) to 172.16.129.7(43766) tableid - 0 

BGP: tbl IPv4 Unicast:baae Service reset requests 

BOP: tbl IPv4 MDT:base Service reset requests 

BSP: tbl VPNv4 Unicast:base Service reset requests 

BGP: tbl IPv4 Multicast:base Service reset requests 


A. Multiple AFIs are configured on the device. 

B. The authentication on 172.16.129.7 is configured incorrectly. 

C. The device is configured to support MPLS VPNs. 

D. This device is configured with a single AFI. 

E. The authentication on 172.16.129.4 is configured incorrectly. 

F. The device is configured to support L2VPNs. 

Answer: ABC 


QUESTION 747 

Refer to the exhibit. Which configuration must you apply to router R2 to enable BFD? 



Io0 10.255 255.2/32 


R1 

interface loopbackO 

10.255.255.1 255.255.255.255 

interface ethernet 0/0 

ip address 10.1.1.1 255.255.255.0 

bfd interval 400 im_rx 400 Multiplier 4 

ip route static bfd ethernet 0/0 10.1.1.2 

ip route 10.0.0.0 255.0.0.0 ethernet 0/0 10.1.1.2 


interface Ethernet 0/0 
ip address 10.1.1.2 255.255.255.0 
bfd interval 400 am_rx 400 multiplier 4 
ip route static bfd Ethernet 0/0 10.1.1.1 

ip route 10.255.255.2 255.255.255.255 ethernet 0/0 10.1.1.1 
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B. 


C. 


D. 


interface Ethernet 0/0 

ip address 10.1.1.2 255.255.255.0 

bfd interval 400 min_rx 400 multiplier 4 

ip route static bfd Ethernet 0/0 10.1.1.2 

ip route 10.2SS.255.2 2SS.255.255.2S5 ethernet 0/0 10.1.1.1 


interface Ethernet 0/0 

ip address 10.1.1.2 255.255.255.0 

bfd interval 400 min_rx 400 multiplier 4 

ip route static bfd Ethernet 0/0 10.255.255.1 

ip route 10.0.0.0 255.0.0.0 ethernet 0/0 10.1.1.1 


interface Ethernet 0/0 

ip address 10.1.1.2 255.255.255.0 

bfd interval 400 min_rx 400 multiplier 4 

ip route static bfd Ethernet 0/0 10.1.1.1 

ip route 10.2SS.2S5.1 255.2SS. 255.255 ethernet 0/0 10.1.1.2 


Answer: A 


QUESTION 748 

Which two options about PIM-DM are true? (Choose two.) 

A. PIM-DM initally floods multicast traffic throughout the network. 

B. In a PIM-DM network, routers that have no upstream neighbors prune back unwanted traffic. 

C. PIM-DM supports only shared trees. 

D. PIM-DM uses a pull model to deliver multicast traffic. 

E. PIM-DM cannot be used to build a shared distribution tree. 

Answer: AE 


QUESTION 749 

Drag and Drop Question 

Drag each GETVPN component on the left to its function on the right. 
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Group Domain of Interpretation Protocol 


Authenticates group members. 



Group Member 


Serves as the crypto device. 



Key Encryption Key 


Secures data during transmission. 



Key Server 


Manages the group keys. 



Traffic Encryption Key 


Secures rekey messages. 

Answer: 


Group Domain of Interpretation Protocol 


Key Server 



Group Member 

Group Member 



Key Encryption Key 


Traffic Encryption Key 

Key Server 


Group Domain of Interpretation Protocol 



Traffic Encryption Key 


Key Encryption Key 


QUESTION 750 

Which two statements about EIGRP load balancing are true? (Choose two.) 

A. EIGRP supports 6 unequal-cost paths. 

B. A path can be used for load balancing only if it is a feasible successor. 

C. EIGRP supports unequal-cost paths by default. 

D. Any path in the EIGRP topology table can be used for unequal-cost load balancing. 

E. Cisco Express Forwarding is required to load-balance across interfaces. 

Answer: AB 


QUESTION 751 

What are three required commands when you enable source-specific multicast for addresses in 
the range 233.0.0.0/8? (Choose three.) 

A. ip multicast-routing 

B. ip igmp version 3 

C. ip pirn ssm-range 233.0.0.0/8 

D. ip igmp version 2 
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E. ip pim ssm-range default 

F. set routing-options multicast ssm-groups 233.0.0.0/8 

Answer: ABC 


QUESTION 752 

Refer to the exhibit. Which statement about this GETVPN configuration is true? 


crypto isakap keepalive IS periodic 

crypto gdoi group cestgroup 

server local 

address ipv4 10.1.1.1 

redundancy 

local priority 200 

peer address ipv4 10.1.2.2 


A. Co-operative key servers are configured. 

B. Redundant peers are configured. 

C. The key server uses multicast mode to propagate rekey messages. 

D. PSK authentication is configured. 

Answer: A 


QUESTION 753 

Drag and Drop Question 

Drag each MPLS term on the left to the matching statement on the right. 


Downstream 


The transit drection of prefix updates. 



LIB 


The component that replaces the top label in a label 


stack. 



LSP 


A route determined by IGP routing protocols. 



LSR 


Data travefcng to a destination. 



Upstream 


A table with labels received from peers. 

Answer: 
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QUESTION 754 

Which option is the origin code when a route is redistributed into BGP? 

A. IGP 

B. EGP 

C. external 

D. incomplete 

E. unknown 

Answer: D 


QUESTION 755 

Which packet does a router receive if it receives an OSPF type 4 packet? 

A. hello packet 

B. database descriptor packet 

C. link state update packet 

D. link state request packet 

E. link state acknowledge packet 

Answer: C 


QUESTION 756 

Refer to the exhibit. Why is the host unable to obtain an IP address? 
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GiO/O 


host 


Switch!I 
service dhcp 

ip dhcp relay information option 43 
vlan 15 

interface VlanlS 

ip address 10.10.IS.1 255.25S.2SS.0 
ip helper-address 172.1£.1.2 

interface GigabitEthernetO/O 
switchport mode access 
switchport access vlan 15 
ip verify source 


A. IP source guard is configured on the switch port. 

B. The DHCP server pool addresses are configured incorrectly. 

C. DHCP requests are being blocked. 

D. DHCP option 150 is disabled. 

Answer: A 


QUESTION 757 

Which three statements about DMVPN are true? (Choose three.) 

A. It facilitates zero-touch configuration for addition of new spokes. 

B. It supports dynamically addressed spokes using DHCP. 

C. It features automatic IPsec triggering for building an IPsec tunnel. 

D. It requires uses of IPsec to build the DMVPN cloud. 

E. Spokes can build tunnels to other spokes and exchange traffic directly. 

F. It supports server load balancing on the spokes. 

Answer: ACE 


QUESTION 758 

Which two options are disadvantages of a commingled dual-tier WAN rate-based Ethernet 
circuit? (Choose two.) 

A. It requires the maintenance of separate chassis. 

B. It has limited scalability. 

C. It requires additional CPU resources at the subscriber end. 

D. It is more difficult to secure. 
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E. It can increase the likelihood of packet drops. 

Answer: AE 


QUESTION 759 

When the BGP additional-paths feature is used, what allows a BGP speaker to differentiate 
between the different available paths? 

A. The remote BGP peer prepends its own next-hop address to the prefix. 

B. A unique path identifier is encoded into a dedicated field to the NLRI. 

C. A route distinguisher is appended to the prefix by the receiving BGP speaker. 

D. The additional path information is encoded in an extended community. 

Answer: B 


QUESTION 760 

Drag and Drop Question 

Drag each show command on the left to the description of its output on a PE router on the right. 


show p bgp vpn all 


Lists a VRF's VPN prefixes. 


show p bgp vpn all summary 


Lists a VRF's MPBGP and CE peers. 


show jp bgp vpn vrf <vrf_id> 


Lists the VPN prefixes that the router advertises and 
receives. 


show p bgp vpn vrf <vrf_id> labels 


Lists the labels for a VRF's VPN prefixes. 



show ip bgp vpn vrf <vrf_id> summary 


Lists the router's MPBGP and CE peers. 

Answer: 


show ip bgp vpn all 


show ip bgp vpn vrf <vrf_id> 



show ip bgp vpn all summary 


show ip bgp vpn vrf <vrf_id> summary 



show ip bgp vpn vrf <vrf_id> 


show ip bgp vpn all 



show ip bgp vpn vrf <vrf_id> labels 


show ip bgp vpn vrf <vrf_id> labels 



show ip bgp vpn vrf <vrf_id> summary 


show ip bgp vpn all summary 
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QUESTION 761 

Which two improvements do SIA-Query and SIA-Reply messages add to EIGRP? (Choose two.) 

A. Stuck-in-active conditions are solved faster. 

B. They prevent a route from going into the stuck-in-active state. 

C. They help in the localization of the real failure in the network. 

D. The EIGRP adjacency between two neighbors never goes down. 

Answer: AC 

QUESTION 762 

In which way does the Bridge Assurance mechanism modify the default spanning-tree behavior in 
an effort to prevent bridging loops? 

A. Received BPDUs are looped back toward the sender to ensure that the link is bidirectional. 

B. If BPDUs are no longer received on a port, the switch immediately sends out a TCN BPDU. 

C. Extended topology information is encoded into all BPDUs. 

D. BPDUs are sent bidirectional on all active network ports, including blocked and alternate ports. 

Answer: D 


QUESTION 763 

When you enable the MPLS Multi-VRF feature, which two supported routing protocols can be 
used to exchange routing information between PE routers and CE routers? (Choose two.) 

A. BGP 

B. RIP 

C. OSPF 

D. EIGRP 

E. IS-IS 

Answer: AB 


QUESTION 764 

Refer to the exhibit. Which two actions can you take to enable CE-1 at site A to access the 
Internet? (Choose two.) 
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A. Create a default route for site A on PE-1 with the next hop set to the PE-2 interface to the 
Internet. 

B. Originate a default route in site B with the next hop set to the PE-2 Internet interface, and import 
the default route into site A. 

C. Create a default route on CE-1 with the next hop set to the PE-1 upstream interface. 

D. Originate a default route in site A with the next hop set to the PE-2 interface to CE-1. 

E. Create a static default route on CE-1 with the next hop set to the PE-2 interface to the Internet. 

Answer: AB 


QUESTION 765 

Which statement about OSPF loop prevention is true? 

A. The discard route is generated automatically on the ABR to prevent routing loops. 

B. The ASBR uses type 3 LSAs from non-backbone areas to prevent control-plane routing loops. 

C. The ABR can filter type 3 LSPs to prevent routing loops. 

D. The DN bit ignores LSA types 2, 3, and 5 to prevent routing loops. 

Answer: A 


QUESTION 766 

Which map is locally defined? 

A. DSCP-to-DSCP-mutation 

B. CoS-to-DSCP 

C. IP-precedence-to-DSCP 

D. DSCP-to-CoS 
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Answer: A 


QUESTION 767 

What is the VLAN ID range of VLANs that are eligible for pruning? 

A. 2 through 1001 

B. 1 through 1005 

C. 1 through 4096 

D. 2 through 1005 

Answer: A 


QUESTION 768 

Which two statements about IS-IS wide metrics are true? (Choose two.) 

A. The wide metric is a 24-bit field. 

B. The maximum link metric is 16777215. 

C. R3 and R4 periodically advertise PNSP messages to synchronize the IS-IS database. 

D. IS-IS devices that are enabled with wide metrics can become neighbors with a device that uses 
standard metrics. 

E. The maximum link metric is 4261412864. 

F. The maximum path metric is 16777215. 

Answer: AB 


QUESTION 769 

Which two statements about Metro Ethernet services are true? (Choose two.) 

A. EPL is a point-to-point service from one customer site to another across an MPLS backbone. 

B. EVPL is a multipoint service that emulates a LAN over an MPLS backbone. 

C. EPLAN is a multipoint service that emulates a LAN over an MPLS backbone. 

D. EVPL is a point-to-point service from one customer site to another across an MPLS backbone. 

E. ELAN is a point-to-point service from one customer site to another across an MPLS backbone. 

F. EVPL is a multipoint service with a root node that is suitable for multicast services. 

Answer: AC 

QUESTION 770 

RIPv2 is enabled on a router interface. The "neighbor" command is also configured with a specific 
IP address. Which statement describes the effect of this configuration? 

A. RIP stops sending multicast packets on that interface. 

B. RIP starts sending only unicast packets on that interface. 

C. RIP starts ignoring multicast packets on that interface. 

D. RIP starts sending unicast packets to the specified neighbor, in addition to multicast packets. 

Answer: D 
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QUESTION 771 

When you implement CoPP on your network, what is its default action? 

A. permit all traffic 

B. rate-limit bidirectional traffic to the control plane 

C. drop management ingress traffic to the control plane 

D. monitor ingress and egress traffic to the control plane by using access groups that are applied to 
the interface 

E. block all traffic 

Answer: A 


QUESTION 772 

Which two statements about IPv4 and IPv6 networks are true? (Choose two.) 

A. In IPv6, hosts perform fragmentation. 

B. IPv6 uses a UDP checksum to verify packet integrity. 

C. In IPv6, routers perform fragmentation. 

D. In IPv4, fragmentation is performed by the source of the packet. 

E. IPv4 uses an optional checksum at the transport layer. 

F. IPv6 uses a required checksum at the network layer. 

Answer: AB 


QUESTION 773 

What are two benefits of NVI? (Choose two.) 

A. It provides scalability by maintaining a NAT table on every interface. 

B. It can dynamically create a static route to the NAT pool for translation. 

C. It supports the use of route maps for policy-based NAT. 

D. It supports the use of a single interface for translations. 

E. It injects a route into the existing routing protocol that directs translation to the NAT pool. 

Answer: AB 


QUESTION 774 

Drag and Drop Question 

Drag each spanning-tree feature on the left to the matching statement on the right. 
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BackboneFast 


Can create loops when configured on a non-host 
port. 



BPDU fflterng 


Error-disables a port when t receives an erroneous 
BPDU. 



BPDU guard 


Enables the root port to transition directly from the 
blocking state to the forwarding state. 



EtherChannel guard 


Detects misconfigurations between a switch and a 
connected device. 



Poit Fast 


Discards inbound BPDUs and prevents the interface 


from sendng outbound BPDUs. 



UpinkFast 


Starts spannmg-tree reconfiguration when it detects 
an indirect Ink faiure. 

Answer: 


BackboneFast 


Port Fast 



BPDU filtering 


BPDU guard 



BPDU guard 


UplinkFast 



EtherChannel guard 


EtherChannel guard 



Port Fast 


BPDU filtering 



UplinkFast 


BackboneFast 


QUESTION 775 

Which two BGP attributes are optional, non-transitive attributes? (Choose two.) 

A. AS path 

B. local preference 

C. MED 

D. weight 

E. cluster list 

Answer: CE 


QUESTION 776 

Which three statements about EIGRP wide metrics are true? (Choose three.) 
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A. The maximum metric is 65536. 

B. The default delay is 1,000,000 picoseconds. 

C. They allow up to 100 hops. 

D. They allow up to 256 hops. 

E. The default delay is 1,000,000 milliseconds. 

F. The maximum metric is 51200. 

Answer: ABC 


QUESTION 777 

Which component of the BGP ORF can you use to permit and deny routing updates? 

A. match 

B. action 

C. AFI 

D. SAFI 

E. ORF type 

Answer: A 


QUESTION 778 

Which two issues is TCP Sequence Number Randomization designed to prevent? (Choose two.) 

A. DDOS attacks 

B. OS fingerprinting 

C. man-in-the-middle attacks 

D. ARP poisoning 

E. Smurf attack 

Answer: BC 


QUESTION 779 

Which two OSPF network types require the use of a DR and BDR? (Choose two.) 

A. non-broadcast networks 

B. point-to-point networks 

C. point-to-multipoint networks 

D. broadcast networks 

E. point-to-multipoint non-broadcast networks 

Answer: AD 


QUESTION 780 

Which attribute is transported over an MPLS VPN as a BGP extended community? 

A. route target 

B. route distinguisher 

C. NLRI 
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D. origin 

E. local preference 

Answer: A 


QUESTION 781 

Which two statements about IP SLAs are true? (Choose two.) 

A. They are Layer 2 transport independent. 

B. Statistics are collected and stored in the RIB. 

C. Data for the delay performance metric can be collected both one-way and round-trip. 

D. Data can be collected with a physical probe. 

E. They are used primarily in the distribution layer. 

Answer: AC 


QUESTION 782 

Which three improvements does Cisco IOS XE Software offer over traditional IOS Software? 
(Choose three.) 

A. It can run applications as separate processes on multicore CPUs. 

B. It supports drivers for data plane ASICs outside of the operating system. 

C. It allows platform-dependent code to be compiled into a single image. 

D. It supports multiple IOS instances simultaneously, sharing resources and internal infrastructure 
for scalability. 

E. It allows platform-independent code to be abstracted into a single microkernel for portability 
across platforms. 

F. It uses a QNX Neutrino-based environment underneath the IOS Software. 

Answer: ABC 


QUESTION 783 

Refer to the exhibit. R1 and R2 both advertise 10.50.1.0/24 to R3 and R4 as shown. R1 is the 
primary path. Which path does traffic take from the R4 data center to the file server? 
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A. All traffic travels from R4 to R2 to the file server. 

B. All traffic travels from R4 to R3 to R1 to the file server. 

C. Traffic is load-balanced from R4 to R2 and R3. Traffic that is directed to R3 then continues to R1 
to the file server. Traffic that is directed to R2 continues to the file server. 

D. All traffic travels from R4 to R2 to R1 to the file server. 

Answer: D 


QUESTION 784 

Refer to the exhibit. If a console port is configured as shown, which response is displayed when 
you connect to the console port? 


username admin password 0 net secure 
aaa new-model 

aaa authentication login default group tacacs+ local 
aaa authorization exec default group tacacs* local 
banner motd *C 
Authorized U3er3 only. 

line con 0 

exec-timeout 5 0 
privilege level IS 
no vacant-message 
activation-character 124 


A. a blinking cursor 

B. the message "Authorized users only" 

C. the username prompt 

D. three username name prompts followed by a timeout message 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


312 






















Pass Leader’ 

Leader of IT Certifications 


E. the message "Connection refused" 

Answer: A 


QUESTION 785 

Refer to the exhibit. Your organization has two offices, Site 1 and Site 2, which are connected by 
a provider backbone, as shown. Where must you configure an attachment circuit to allow the two 
sites to connect over a Layer 2 network using L2TPv3? 



A. PE Site 1 Fal/0 and PE Site 2 FaO/O 

B. CE Site 1 FaO/O and CE Site 2 FaO/O 

C. PE Site 1 SeO/O and PE Site 2 SeO/O 

D. CE Site 1 FaO/O and PE Site 2 SeO/O 

Answer: A 


QUESTION 786 

What is the destination address of an IGMPv2 general membership query? 

A. 224.0.0.1 

B. 224.0.1.1 

C. 224.0.0.2 

D. the multicast group address 

Answer: A 


QUESTION 787 

Which statement about SSHv2 is true? 

A. Routers acting as SSH clients can operate without RSA keys. 

B. SSHv2 supports port forwarding and compression. 

C. The RSA key pair size must be at least 512. 

D. You must configure a default gateway before you enable SSHv2. 

Answer: A 
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QUESTION 788 

Refer to the exhibit. What kind of problem is detected? 


Router#ping 
Protocol [ip]: 

Target IP address: 209.165.200.200 
Repeat count [5]: 1 
Datagram size [100]: 

Timeout in seconds [2]: 

Extended commands [n]: y 
Source address or interface: 

Type of service [0]: 

Set DF bit in IP header? [no]: y 
Validate reply data? [no] : 

Data pattern [OxABCD]: 

Loose, Strict, Record, Timestamp, Verbose[none]: 

Sweep range of sizes [n]: y 
Sweep min size [36]: 1460 
Sweep max size [18024]: 1500 
Sweep interval [1]: 

Type escape sequence to abort. 

Sending 41, [1460..1500]-byte ICMP Echos to 209.165.200.200, 
timeout is 2 seconds: 

Packet sent with the DF bit set 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!MMMMMMMM 

Success rate is 80 percent (33/41), round-trip min/avg/max = 

28/28/32 ms 

Router# 


A. The packet types that are being sent are unknown. 

B. The maximum MTU size that can be used is 1492. 

C. Waiting for a reply timed out. 

D. Fragmentation starts to occur when the MTU of 1472 is reached. 

Answer: B 


QUESTION 789 

Which two statements about MLD are true? (Choose two.) 

A. MLD is a subprotocol of ICMPv6. 

B. When a single link supports multiple interfaces, only one interface is required to send MLD 
messages. 

C. MLD is a subprotocol of PIMv6. 

D. When a single link supports multiple interfaces, all supported interfaces are required to send MLD 
messages. 

E. There are three subtypes of MLD query messages. 

F. The code section in the MLD message is set to 1 by the sender and ignored by receivers. 
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Answer: AB 


QUESTION 790 

Refer to the exhibit. Router R2 is learning the 192.168.1.0/24 network from R1 via EIGRP and 
eBGP. R2 then redistributes EIGRP into OSPF as metric-type 2 with default metrics. Which 
metric of the route in the R3 routing table? 



192.168.1.0/24 

eBGP 1 


OSPF 
Area 0 


R1 

192.168.1.0/24 

-► 

R2 


^ R3 

EIGRP 



A. 20 

B. 30 

C. 110 

D. The route is not present in the R3 routing table. 

Answer: D 


QUESTION 791 

Which two statements about OSPFv3 are true? (Choose two.) 

A. It supports unicast address families for IPv4 and IPv6. 

B. It supports unicast address families for IPv6 only. 

C. It supports only one address family per instance. 

D. It supports the use of a cluster ID for loop prevention. 

E. It supports multicast address families for IPv4 and IPv6. 

F. It supports multicast address families for IPv6 only. 

Answer: AC 


QUESTION 792 

Refer to the exhibit. The VLAN-to-MST mapping is shown. (Assume SW1 acts as root for all 
possible MST instances.) 
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* 

* 

* 


/ 

/ 

/ 

/ 

1 

1 

1 

1 

1 

1 

1 

/ _ GiO/23 

VLAN 300 

GiO/23 _ \ 

|SW1 ^ 


SW2| 


\ GiO/24 

VAN 200 

GiO/24 / 

✓ 


spanning-tree mst configuration name MST? 
revision 2? 

instance 0 vlan 1-200,301-4094 instance 1 vlan 201-300 

i 

If this topology is deployed, which action is required for traffic to flow on VLAN 200 and 300? 

A. Map VLAN 300 to instance 0. 

B. Map VLAN 200 to instance 2. 

C. Move instance 0 root to SW2. 

D. Move instance 1 root to SW2. 

E. Map both VLANs to instance 2. 

Answer: B 


QUESTION 793 

Which two statements about VRRP are true? (Choose two.) 

A. It is assigned multicast address 224.0.0.18. 

B. The TTL for VRRP packets must be 255. 

C. It is assigned multicast address 224.0.0.9. 

D. Its IP protocol number is 115. 

E. Three versions of the VRRP protocol have been defined. 

F. It supports both MD5 and SHA1 authentication. 

Answer: AB 


QUESTION 794 

Drag and Drop Question 

Drag each routing protocol on the left to the matching statement on the right. 
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BGP 


Has low resource usage and can be configured to 
send either unicast or multicast updates. 



ISIS 


Has high resource usage and requires the 
administrator to modify routing behavior to limit the 

infnrmpHnn fhpl- k cpnf fn nnn-h^rkhnnp Ipv/pIq 



OSPP 


Has high resource usage and supports a proprietary 
Cisco option to perform primary route calculation. 



RIPv2 


Has high resource usage and uses TLV to 
incorporate features. 


Answer: 




QUESTION 795 

Which two statements about IBGP multipath are true? (Choose two.) 

A. The IGP metric of the BGP next hop can be different from the best-path IGP metric if you 
configure the router for unequal-cost IBGP multipath. 

B. The IGP metric of the BGP next hop must be the same as the best-path IGP metric. 

C. The equivalent next-hop-self is performed on the best path from among the IBGP multipaths 
before it is forwarded to external peers. 

D. The path should be learned from an external neighbor. 

E. The router BGP process must learn the path from a confederation-external or external neighbor. 

F. The router BGP process must learn the path from an internal neighbor. 

Answer: AF 


QUESTION 796 

Which statement about a P router in a Layer 3 MPLS VPN is true? 

A. It is unaware of VPN routes. 

B. It connects to customer edge routers. 

C. It participates in MPLS VPN routing. 
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D. It uses the running IGP to share VPN routes. 

Answer: A 


QUESTION 797 

Which two statements about PIM-DM are true? (Choose two.) 

A. It forwards multicast packets on a source tree. 

B. It requires an RP. 

C. It forwards multicast packets on a shared distribution tree. 

D. It floods multicast packets to neighbors that have requested the data. 

E. It floods multicast packets throughout the network. 

F. It forwards multicast packets to neighbors that have requested the data. 

Answer: AE 


QUESTION 798 

Which two statements about the MAC address table space are true? (Choose two.) 

A. You can disable learning on a VLAN to reduce table-space requirements. 

B. When you disable learning on a VLAN with an SVI, IP packet flooding in the Layer 2 domain is 
also disabled. 

C. Unicast, multicast, and broadcast MAC address filtering is configured globally and disabled by 
default. 

D. The default setting for static MAC addresses to age out of the MAC address table is 300 seconds. 

E. Turning off MAC learning on VLANs 900 through 1005 disables learning on VLANs 900 through 
1001. 

Answer: AE 


QUESTION 799 

Which statement about LISP encapsulation in an EIGRP OTP implementation is true? 

A. OTP uses LISP encapsulation for dynamic multipoint tunneling. 

B. OTP maintains the LISP control plane. 

C. OTP uses LISP encapsulation to obtain routes from neighbors. 

D. LISP learns the next hop. 

Answer: A 


QUESTION 800 

Refer to the exhibit. Which two benefits result from using this command on a switch? (Choose 
two.) 


Switch(config-ifitfsvitchport block unicast 


A. The port cannot forward unknown unicast packets. 
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B. Network security is increased on the configured port. 

C. The port cannot forward unknown multicast packets. 

D. The port cannot forward unknown broadcast packets. 

E. Network security is increased on all ports of the switch. 

F. Unknown packets of all types, except unicast, are blocked. 

Answer: AB 


QUESTION 801 

Refer to the exhibit. IPv6 SLAAC clients that are connected to the router are unable to acquire 
IPv6 addresses. 

What is the reason for this issue? 


ROGW-1#show ipv6 interface g0/1 
GigabitEthernetO/1 is up, line protocol is up 
IPv6 is enabled, link-local address is FE80::4000 
No Virtual link-local address(es): 

Global unicast address(es): 

2001: DB8 4000:4000, subnet is 2001:DB8:4000::/64 
Joined group address(es): 

FF02::1 

FF02::2 

FF02::1:2 

FF02::1:FF00:4000 
MTU is 1280 bytes 

ICMP error messages limited to one every 100 milliseconds 
ICMP redirects are enabled 
ICMP unreachables are sent 
ND DAD is disabled 

ND reachable time is 30000 milliseconds (using 30000) 

ND advertised reachable time is 0 (unspecified) 

ND advertised retransmit interval is 0 (unspecified) 

ND router advertisements are sent every 5 seconds 
ND router advertisements live for 1800 seconds 
ND advertised default router preference is Low 
ND RAs are suppressed (periodic) 

Hosts use stateless autoconfig for addresses. 

Hosts use DHCP to obtain other configuration. 


A. Router advertisements are not sent by the router. 

B. Duplicate address detection is disabled but is required on multiaccess networks. 

C. The interface is configured to support DHCPv6 clients only. 

D. The configured interface MTU is too low for IPv6 to be operational. 

Answer: A 
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QUESTION 802 

Which three statements about the default behaviour of eBGP sessions are true? (Choose three.) 

A. eBGP sessions between sub-ASs in different confederations transmit the next hop unchanged. 

B. The next hop in an eBGP peering is the IP address of the neighbor that announced the route. 

C. When a route reflector reflects a route to a client, it transmits the next hop unchanged. 

D. The next hop in an eBGP peering is the loopback address of the interface that originated the 
route. 

E. The next hop in an eBGP peering is the loopback address of the neighbor that announced the 
route. 

F. When a route reflector reflects a route to a client, it changes the next hop to its own address. 

Answer: ABC 


QUESTION 803 

Which two statements about path selection are true? (Choose two.) 

A. If there are multiple equal matches between OSPF processes, the path with the lowest OSPF PID 
is chosen. 

B. If the backdoor command is configured on a BGP network, the route is advertised with an AD of 
20 . 

C. If an OSPF E2 route has an AS of 90, that path is preferred over an OSPF IA route with an AD of 
110 . 

D. If there are multiple equal matches between the same protocols on an EIGRP network, the 
preferred path will be EIGRP with the highest AS. 

E. If IS-IS has multiple routes with the same prefix-length, it will prefer Level 1 routes over Level 2 
routes. 

Answer: AE 


QUESTION 804 

Which two statements about MAC Authentication Bypass are true? (Choose two.) 

A. Traffic from an endpoint is authorized to pass after MAB authenticates the MAC address of the 
endpoint. 

B. During the learning stage, the switch examines multiple packets from the endpoint to determine 
the MAC address of the endpoint. 

C. After the switch learns the MAC address of the endpoint, it uses TACACS+ to authenticate it. 

D. After learning a source MAC address, it sends the host a RADIUS Account-Request message to 
validate the address. 

E. The MAC address of a device serves as its user name and password to authenticate with a 
RADIUS server. 

Answer: AE 


QUESTION 805 

An IP SLA fails to generate statistics. How can you fix the problem? 
A. Add the verify-data command to the router configuration. 
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B. Reload the router configuration. 

C. Remove the ip sla schedule statement from the router configuration and re-enter it. 

D. Add the debug ip sla error command to the router configuration. 

E. Add the debug ip sla trace command to the router configuration. 

Answer: A 


QUESTION 806 

Which statement about UDLD is true? 

A. The udld reset command resets ports that have been error-disabled by both UDLD and Fast 
UDLD. 

B. Fast UDLD is configured in aggressive mode. 

C. Only bidirectional link failures can be detected in normal mode. 

D. Each switch in a UDLD topology can send and receive packets to and from its neighbors. 

Answer: A 


QUESTION 807 

What are two benefits of Per-Tunnel QoS for DMVPN? (Choose two.) 

A. The administrator can configure criteria that, when matched, can automatically set up QoS for 
each spoke as it comes online. 

B. Traffic from each spoke to the hub can be regulated individually. 

C. When traffic exceeds a configurable threshold, the spokes can automatically set up QoS with the 
hub. 

D. The hub can send large packets to a spoke during allotted timeframes. 

E. The hub can be regulated to prevent overloading small spokes. 

Answer: AE 


QUESTION 808 

Refer to the exhibit. If a connection failure occurs between R1 and R2, which two actions can you 
take to allow CR-1 to reach the subnet 192.168.192.0/24 on R2? (Choose two.) 
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A. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into OSPF. 

B. Turn up a BGP session between CR-1 and R1. 

C. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into BGP. 

D. Turn up an EIGRP session between R1 and R3 with AS 65535. 

E. Create an OSPF virtual link between CR-1 and R2 to bypass R1. 

Answer: AB 


QUESTION 809 

Which two statements about Cisco Performance Routing are true? (Choose two.) 

A. It analyzes application performance to make routing decisions. 

B. When determining the best path, it prefers the shortest path. 

C. It can help the administrator determine the need for bandwidth upgrades. 

D. It operates entirely in the data plane. 

E. It can use EIGRP feasible successors to determine an alternate path. 

F. It analyzes system hardware performance to make routing decisions. 

Answer: AE 


QUESTION 810 

What is the function of an implicit-null label? 

A. It notifies the upstream LSR to remove the top label in the label stack and forward the packet. 

B. It notifies the upstream LSR to add a VPN label to the label stack. 

C. It is used to statically assign a label to an IGP route. 

D. It is used to identify the router ID. 

Answer: A 
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QUESTION 811 

Refer to the exhibit. Which statement about this GET VPN configuration is true? 


Router 1 

crypto isaknp keepalive IS periodic 

crypto gdoi group TESTGP.OtJP 

server local 

address ipv4 10.1.1.1 

redundancy 

local priority 2S0 

peer address ipv4 10.0.1.2 


Router 2 

crypto isakap keepalive IS periodic 

crypto gdoi group TESTGP.OtJP 

server local 

address ipv4 10.0.1.2 

redundancy 

local priority 200 

peer address ipv4 10.1.1.1 


A. Router 1 acts as the primary key server because it has a higher priority. 

B. An RSA key has been imported into the configuration. 

C. The GDOI group configuration generated a key. 

D. DPD is disabled. 

Answer: A 


QUESTION 812 

Which two statements about BGP prefix-based outbound filtering are true? (Choose two.) 

A. It must be configured per address family. 

B. It can use prefix lists and route maps for filtering. 

C. It can be configured under the global BGP routing process. 

D. It can be configured for external peering sessions only. 

E. It can increase the processing load on the router. 

F. It supports IP multicast routes. 

Answer: AD 


QUESTION 813 

Drag and Drop Question 

Drag each statement about EtherChannel protocols on the left to the matching EtherChannel 
protocol on the right. 
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A Cisco Prophetary protocol. 


Supports 8 ports n a port group, with all active. 


Supports auto and desrable configuration modes. 


Supported by the IEEE 802.3ad protocol. 


Supports 16 ports in a port group, with 8 active. 


Supports active and passive configuration modes. 


Answer: 


A Cisco Proprietary protocol. 


Supports 8 ports in a port group, with all active. 


Supports auto and desirable configuration modes. 


Supported by the IEEE 802,3ad protocol, 


Supports 16 ports in a port group, with 8 active. 


Supports active and passive configuration modes. 




Supported by the IEEE 802.3ad protocol. 


Supports 16 ports in a port group, with 8 active. 


Supports active and passive configuration modes. 


QUESTION 814 

Which two statements about Layer 2 Frame Prioritization bits are true? (Choose two.) 

A. 802.1 Q frame headers carry the CoS value in the three most-significant bits of the 2- byte Tag 
Control Information field. 

B. ISL frame headers carry an IEEE 802.1 P CoS value in the three least-significant bits of the 2-byte 
User field. 
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C. ISL frame headers carry an IEEE 802.1 P CoS value in the three most-significant bits of the 1-byte 
User field. 

D. On 802.IQ trunks, traffic in the native VLAN is carried in 802.IQ frames. 

E. Only 802.IQ and ISL frame types can carry CoS information. 

F. On 802.IQ trunks, traffic in the native VLAN is carried in 802.1 P frames. 

Answer: AE 


QUESTION 815 

Refer to the exhibit. Which statement about authentication on Router A is true? 


P.outerA#shov run 
Building configuration... 

aaa authentication login default group tacacs+ local 

tacacs server host 10.1.1.2 single-connection 
tacacs server directed-request 
tacacs server key ciscotacacs 

end 


A. The router will attempt to authenticate users against TACACS+ only. 

B. The router will attempt to authenticate users against the local database only. 

C. The router will attempt to authenticate users against the local database first, and fall back to 
TACACS+ if the local database authentication fails. 

D. The router will authenticate users against the default database only. 

E. The router will attempt to authenticate users against TACACS+ first, and fall back to the local 
database if the TACACS+ authentication fails. 

Answer: E 


QUESTION 816 

Drag and Drop Question 

Drag each OSPF route-type identifier on the left to its description on the right. 
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El 


A translated, redistributed route whose metric 
increments along the path. 



E2 


A route from another area. 



N1 


A route within an area. 



N2 


A redistributed route whose metric remains the 
same along the path. 



0 


A redistributed route whose metric ncrements along 
the path. 



OIA 


A translated, redistributed route whose metric 
remains the same abnq the path. 

Answer: 


El 


N1 



E2 


0 IA 



N1 


0 



N2 


E2 



0 


El 



0 IA 

IM2 

QUESTION 817 

When you implement PfR, which IP SLA probe is used to determine the MOS? 

A. jitter 

B. latency 

C. packet loss 

D. throughput 


Answer: A 


QUESTION 818 

Refer to the exhibit. What password will be required to enter privileged EXEC mode on a device 
with the given configuration? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


326 


























































Pass Leader* 

Leader of IT Certifications 


Routerl#sh run 
Building configuration... 

Cuttent configuration : 7418 bytes 

enable password cisco 

enable secret ciscotest 

line con 0 

exec-timeout 0 0 
password ciscocert 
logging synchronous 
line aux 0 

password ciscoccie 
line vty 0 4 

password ciscors 

end 


A. ciscotest 

B. ciscocert 

C. cisco 

D. ciscors 

E. ciscoccie 

Answer: A 


QUESTION 819 

Which two attributes were introduced with the Cisco IOS BGP 4-byte ASN feature? (Choose two.) 

A. AS4 AGGREGATOR 

B. AS4 PATH 

C. AS4 PLAIN 

D. AS4DOT 

E. AS4 TRANS 

Answer: AB 


QUESTION 820 

How is the MRU for a multilink bundle determined? 

A. It is negotiated by LCP. 

B. It is manually configured on the multilink bundle. 

C. It is manually configured on all physical interfaces of a multilink bundle. 

D. It is negotiated by NCP. 

E. It is negotiated by IPCP. 

Answer: A 
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QUESTION 821 

Refer to the exhibit. Two multicast domains are configured as shown and connected with MSDP, 
but the two domains are unable to communicate. 

Which two actions can you take to correct the problem? (Choose two.) 



BGP 65:10 


P.lfshov tun inc loO 
Building configuration... 

Current configuration : 116 bytea 

interface LoopbackO 

ip addreaa 10.0.0.10 25S.2SS.25S.255 
end 

P.lfshov tun int GiO/O/O 
Building configuration... 

Current configuration : 233 bytea 
interface GigabitEthernetO/O/O 

ip addreaa 172.16.1.13 2SS.ZSS.25S.2S2 

end 

Rll show run I include as dp 
Building configuration... 

Current configuration : 120 bytea 
ip nadp otiginatot-id loopback O 

ip nsdp peer 10.0.0.10 connect-source loopback 0 reaote-as 65220 
end 



BGP 65220 


RZlahov cun int loO 
Building configuration... 

Current configuration : 116 bytea 

interface LoopbackO 

ip addreaa 10.0.0.20 2SS.2SS.2SS.2SS 
end 

RZlahov run int GlO/O/O 
Building configuration... 

Current configuration : 233 bytea 

interface GigabltZthetnetO/O/O 

ip addreaa 172.16.1.14 2S5.2SS.25S.2S2 

end 

P.2I show run I include asdp 
Building configuration... 

Current configuration : 120 bytea 
ip madp originator-id loopback 0 

ip madp peer 10.0.0.10 connect-aource loopback 0 reaote-as 65210 
end 


A. Change the peering IP address in AS 65220 to 10.0.0.20. 

B. Change the peering AS on R2 to 65210. 

C. Verify that UDP port 639 is open. 

D. Verify that TCP port 139 is open. 

E. Change the MSDP originator-id to GigabitEthernet 0/0/0 on both routers. 

F. Change the MSDP peering IP address on R2 to 172.16.1.13. 

Answer: AB 


QUESTION 822 

Which two statements about 802.1 Q tunneling are true? (Choose two.) 

A. It requires a system MTU of at least 1504 bytes. 

B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information. 

C. Traffic that traverses the tunnel is encrypted. 

D. It is supported on private VLAN ports. 

E. MAC-based QoS and UDLD are supported on tunnel ports. 

F. Its maximum allowable system MTU is 1546 bytes. 

Answer: AE 
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QUESTION 823 

Drag and Drop Question 

Drag each IS-IS command on the left to its effect on the right. 


isis csnp-interval 


Sets the delay between successive LSP 
transmissions. 



66 bp-mterval 


Enables graceful restart. 



66 retransmit-throttle interval 


Sets the delay between point-to-point LSP 
transmissions. 



isis three-way-handshake ietf 


Configures point-to-point adjacencies. 



nsf cisco 


Maintains database synchronization. 



nsf ietf 


Enables nonstop routing. 


Answer: 


isis csnp-interval 


isis Isp-interval 



isis Isp-interval 


nsf ietf 



isis retransmit-throttle interval 


isis retransmit-throttle interval 

isis three-way-handshake ietf 


isis three-way-handshake ietf 



nsf cisco 


isis csnp-interval 



nsf ietf 


nsf cisco 


QUESTION 824 

Which value is the maximum segment size if you start with an MTU of 1500 bytes and then 
remove the overhead of the Ethernet header, IP header, TCP header, and the MAC frame check 
sequence? 

A. 1434 bytes 

B. 1460 bytes 

C. 1458 bytes 

D. 1464 bytes 

Answer: B 
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QUESTION 825 

Which cache aggregation scheme is supported by NetFlow ToS-based router aggregation? 

A. prefix-port 

B. AS 

C. protocol port 

D. destination prefix 

Answer: A 


QUESTION 826 

Refer to the exhibit. Which configuration can you implement on PE-1 to allow CE-1 to receive 
delegated IPv6 prefixes? 



ipv6 local pool CE-1 2001:dbS:4:8888::/48 56 
ipv6 dhcp pool CE-1-DHCP 

prefix-delegation pool CE-1 lifetime infinite infinite 
interface GigiabitEthernetO/O 

ipv£ address 2001:db8:4:822::l/£4 
ipv£ dhcp server CE-1-DHCP 


ipv6 local pool CE-1 2001:dbS:4:8888/49 56 
ipv6 dhcp pool CE-1-DHCP 
interface Gigiabit£thernet0/0 

ipv£ address 2001:db8:4:822::1/64 
ipv£ dhcp server CE-1 


ipv6 local pool CE-1 2001:dh8:4:8888/56 48 
ipv6 dhcp pool CE-1-DHCP 

prefix-delegation pool CE-1 lifetime infinite infinite 
interface GigiabitEthernet0/0 

ipv£ address 2001:db8:4:822::1/64 
ipv£ dhcp server CE-1-DHCP 
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ipv6 local pool CE-1 2001:dbS: 4: 8888:: /4e 32 
ipv6 dhcp pool CE-l-DHCP 

ptefix-delegatlon pool CE-1 lifecme infinite infinite 
interface Gigiabit£thernet0/0 

ipvfi address 2001:db8:4:822::l/£4 
ipv£ dhcp server CE-l-DHCP 


ip local pool CE-1 2001:dbB:4:8888::/£4 48 
ipv6 dlicp pool CE-l-DHCP 

prefix-delegation pool CE-1 lifetime infinite infinite 
interface Gigiabit£thernet0/0 

ipv£ address 2001:db8:4:822::l/£4 
ipv£ dhcp server CE-l-DHCP 


Answer: A 


QUESTION 827 

Which two statements about DHCP snooping are true? (Choose two.) 

A. It is implemented on a per-VLAN basis. 

B. It filters invalid DHCP messages. 

C. The binding database logs trusted and untrusted hosts with leased IP addresses. 

D. Interfaces are trusted by default. 

E. It uses the LFIB to validate requests from untrusted hosts. 

Answer: AB 


QUESTION 828 

Refer to the exhibit. Which BGP feature allows R1 to instruct R2 which prefixes it is allowed to 
advertise to R1? 



A. route refresh 

B. Prefix-Based Outbound Route Filtering 

C. distribute lists 

D. prefix lists 

Answer: B 
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QUESTION 829 

Which technology facilitates dynamic tunnel establishment in DMVPN? 

A. CEF 

B. mGRE 

C. a dynamic routing protocol 

D. NHRP 

Answer: D 


QUESTION 830 

Which two statements about SNMP are true? (Choose two.) 

A. SNMPv3 provides privacy and access control. 

B. All SNMP versions use get, getNext, and getBulk operations. 

C. SNMPv3 uses encrypted community strings. 

D. SNMPvl and SNMPv2c use plaintext community strings. 

E. All SNMP versions support bulk retrieval and detailed error messages. 

Answer: AB 


QUESTION 831 

Which two statements about route summarization are true? (Choose two.) 

A. RIP, IGRP, and EIGRP can automatically summarize routing information at network address 
boundaries. 

B. EIGRP can automatically summarize external routes. 

C. The area range command can aggregate addresses on the ASBR. 

D. The summary-address command under the router process configures manual summarization 
RIPv2 devices. 

E. The ip classless command enables classful protocols to select a default route to an unknown 
subnet on a network with other known subnets. 

Answer: AE 


QUESTION 832 

Which two message types allow PIM snooping to forward multicast traffic? (Choose two.) 

A. hello messages 

B. leave messages 

C. membership query messages 

D. bidirectional PIM DF election messages 

Answer: AD 


QUESTION 833 

Which feature of Cisco IOS XE Software allows for platform-independent code abstraction? 
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A. its security 

B. Common Management Enabling Technology 

C. the Linux-based environment 

D. its modularity 

Answer: D 


QUESTION 834 

Which statement about the VLAN database is true? 

A. Manually deleting the vlan.dat file can cause inconsistency in the database. 

B. Private VLAN information is stored in the database. 

C. VLAN configurations 1 through 4096 are stored in the vlan.dat file. 

D. The VLAN database is used only if the VTP domain name in the VLAN database matches the 
VTP domain name in the startup-config file. 

Answer: A 


QUESTION 835 

In an STP domain, which two statements are true for a nonroot switch, when it receives a 
configuration BPDU from the root bridge with the TC bit set? (Choose two.) 

A. It sets the MAC table aging time to maxage time. 

B. It sets the MAC table aging time to forward_delay time. 

C. It recalculates the STP topology upon receiving topology change notification from the root switch. 

D. It does not recalculate the STP topology upon receiving topology change notification from the root 
switch. 

Answer: BD 


QUESTION 836 

Which two statements about OSPF default route injection are true? (Choose two.) 

A. The ABR requires manual configuration to send a default route into an NSSA area. 

B. The ABR injects a default route into a Totally Stub Area. 

C. In a stub area, the ASBR generates a summary LSA with link-state ID 0.0.0.0. 

D. If the default route is missing from the routing table, the ASBR can use the default-information 
originate command to advertise the default into the OSPF domain. 

E. By default, OSPF normal areas will generate default routes into the routing domain if a default 
route exists. 

Answer: AB 


QUESTION 837 

Refer to the exhibit. While reviewing a log file on a router with this NTP configuration, you note 
that the log entries of the router display a different time than the NTP time. 
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clock tinezone ES 7 -5 

clock 3',iminer-tine iOT recurring 

service titoestamrs debug daretime 

service tlmefltaraps loq datetune 

logging buffered 5000 debugging 

ntp clock-period 17179272 

ntp server 10.181.23.23 


Which action can you take to correct the problem? 

A. Add the localtime keyword to the service timestamps log datetime statement. 

B. Add the msec keyword to the service timestamps log datetime statement. 

C. Add the statement ntp broadcast to the NTP configuration of the neighboring router. 

D. Configure the router to be the NTP master. 

E. Remove the datetime keyword from the service timestamps log datetime statement. 

Answer: A 


QUESTION 838 

What are the three variants of NTPv4? (Choose three.) 

A. client/server 

B. broadcast 

C. symmetric 

D. multicast 

E. asymmetric 

F. unicast 

Answer: ABC 


QUESTION 839 

Which two options are mandatory components of a multiprotocol BGP VPN-IPv4 address? 
(Choose two.) 

A. a system ID 

B. a route target 

C. a route distinguisher 

D. an MPLS label 

E. an area ID 

F. an IPv4 address 

Answer: CF 


QUESTION 840 

Which two statements about ERSPAN are true? (Choose two.) 

A. It supports jumbo frames of up to 9202 bytes. 

B. It adds a 50-byte header to copied Layer 2 Ethernet frames. 
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C. It supports packet fragmentation and reassembles the packets. 

D. It adds a 4-byte header to copied Layer 2 Ethernet frames. 

E. Source sessions on an individual switch can use different origin IP addresses. 

Answer: AB 


QUESTION 841 

Which two statements about PBR route maps are true? (Choose two.) 

A. They can use extended ACLs to identify traffic. 

B. They can route unicast traffic without interface-level classification. 

C. They can be applied to both ingress and egress traffic. 

D. They can classify traffic based on prefix-lists. 

E. They can set the metric and IP precedence bits. 

Answer: AB 


QUESTION 842 

Which three events can cause a control plane to become overwhelmed? (Choose three.) 

A. a worm attack 

B. processing a stream of jumbo packets 

C. a microburst 

D. a configuration error 

E. a reconvergence failure 

F. a device-generated FTP session 

Answer: ADE 


QUESTION 843 

Which three statements are true about unicast RPF? (Choose three.) 

A. Unicast RPF requires CEF to be enabled. 

B. Unicast RPF strict mode works better with multihomed networks. 

C. Unicast RPF strict mode supports symmetric paths. 

D. Unicast RPF strict mode supports asymmetric paths. 

E. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance. 

F. Unicast RPF loose mode is typically used with ISP networks. 

Answer: ACF 


QUESTION 844 

What are three benefits of deploying NAT with ALG? (Choose three.) 

A. the use of dynamic ephemeral ports through a firewall 

B. the synchronization of translations between multiple streams of data 

C. the use of deep packet inspection 

D. the use of static ephemeral ports through a firewall 
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E. the conversion of session layer addresses from the application payload to outside global 
addresses 

F. NAT traversal to support asymmetric data sessions 

Answer: ABC 


QUESTION 845 

Which two statements about a network running MPLS VPN with IS-IS IGP are true? (Choose 

two.) 

A. IS-IS traffic engineering uses wide metric TLV type 135 with an up/down bit to define a leaked 
route. 

B. IS-IS traffic engineering uses wide metric TLV type 128 with an internal/external bit and an 
up/down bit to define a leaked route. 

C. IS-IS traffic engineering uses wide metric TLV type 130 with an internal/external bit and an 
up/down bit to define a leaked route. 

D. If the IS-IS up/down bit is set to 1, the leaked route originated in the LI area. 

E. The MPLS VPN IS-IS core is inherently protected against IP-based attacks. 

Answer: AE 


QUESTION 846 

When VRF-Lite is configured without BGP support, which statement about the configuration of 
the route target and route distinguisher is true? 

A. The configuration of the route target and route distinguisher is required. 

B. The configuration of the route target and route distinguisher is not required. 

C. The configuration of the route target is required and the configuration of the route distinguisher 

not required. 

D. The configuration of the route target is not required and the configuration of the route 
distinguisher is required. 

Answer: D 


QUESTION 847 

How does MSTP provide backward compatibility with RSTP? 

A. It uses the hop count variable as a TTL counter. 

B. It transmits all spanning-tree information in one BPDU. 

C. It supports up to 128 MSTI messages. 

D. It encodes the MSTP-specific region information before the legacy RSTP BPDU. 

Answer: D 


QUESTION 848 

Which standard feature can be exploited by an attacker to perform network reconnaissance? 

A. IP-directed broadcast 

B. maintenance operations ptotocol 
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C. ICMP redirects 

D. source quench 

Answer: C 


QUESTION 849 

How are the Cisco Express Forwarding table and the FIB related to each other? 

A. The FIB is used to populate the Cisco Express Forwarding table. 

B. The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor 
for processing before they are 

C. There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices. 

D. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions. 

Answer: D 


QUESTION 850 

Which statement about the bgp soft-reconfig-backup command is true? 

A. It requires BGP to store all inbound and outbound updates. 

B. It overrides soft reconfiguration for devices that support inbound soft reconfiguration. 

C. When the peer is unable to store updates, the updates are implemented immediately. 

D. It provides soft reconfiguration capabilities for peers that are unable to support route refresh. 

E. It provides outbound soft reconfiguration for peers. 

Answer: D 


QUESTION 851 

What happens when an interface is configured as passive in OSPF? 

A. No OSPF neighbor ship is formed on the interface. 

B. An OSPF neighbor ship is formed with the DR, but not with the BDR. 

C. The subnet configured on the interface is not advertised to any other neighbor. 

D. OSPF hello messages are sent as unicast instead of multicast. 

Answer: A 


QUESTION 852 

Which protocol will accept incoming updates when the passive-interface command is configured? 

A. OSPF 

B. IS-IS 

C. RIP 

D. EIGRP 

Answer: C 


QUESTION 853 
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What are the three HDLC operating modes? (Choose three.) 

A. normal response 

B. asynchronous balanced 

C. synchronous response 

D. asynchronous response 

E. normal balanced 

F. synchronous balanced 

Answer: ABD 


QUESTION 854 

Which three statements about OSPFv3 address families are true? (Choose three.) 

A. Each address family requires the same instance ID. 

B. Address families can perform route redistribution into any IPv4 routing protocol. 

C. An address family can have two device processes on each interface. 

D. IPv4 address family require an IPv4 address to be configured on the interface,. 

E. Each address family uses a different shortest path tree. 

F. Different address families can share the same link state database. 

Answer: BDE 


QUESTION 855 

Which BGP feature prevents a router from installing an iBGP learned route in its routing table 
until the route is validated within the IGP? 

A. confederation 

B. aggregation 

C. advertise-map 

D. synchronization 

Answer: D 


QUESTION 856 

Which two statements about TCP are ture? (Choose two.) 

A. TCP option must be divisible by 32. 

B. It has a 16-bit window size. 

C. Its maximum data offset is fifteen 32-bit words. 

D. It has a 32-bit window size. 

E. Its maximum data offset is ten 32-bit words. 

F. It has a 32-bit checksum field. 

Answer: BC 


QUESTION 857 

Which EEM event detector is triggered by hardware installation or removal? 
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A. Enhanced-Object-Tracking Event Detector 

B. Resource Event Detector 

C. 01R Event Detector 

D. CLI Event Detector 

Answer: C 


QUESTION 858 

What are the two requirements for BGP to install a classful network into the BGP routing 
table?(Choose two) 

A. The AS contains the entire classfull network. 

B. A classful network statement with a lower administrative distance is in the routing table. 

C. Auto-summary is enabled. 

D. A classful network statement with a classful mask is in the routing table. 

E. Synchronization is enabled. 

F. Synchronization is disabled. 

Answer: CD 

QUESTION 859 

Independent, multiple OSPF processes are entered on the same router, and the processes have 
the same destination route. Which OSPF process is used? 

A. The route with the fewest hops is used. 

B. Both processes are used to load balance the traffic. 

C. The first route process that places a route into the routing table is used. 

D. The route with the shortest prefix is used. 

Answer: C 


QUESTION 860 

Which two statements about MPLS VPNs are true? (Choose two.) 

A. PE routers maintain customer routes in the VPN for that customer. 

B. They use the explicit-null label by default. 

C. P routers are used only for label transit. 

D. P routers maintain customer routes in the VPN for that customer. 

E. They support only one route target. 

F. Each interface on a PE router must have its own VRF. 

Answer: AC 


QUESTION 861 

Which three statements about IPsec VTIs are true? (Choose three.) 
A. IPsec sessions require static mapping to a physical interface. 
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B. They can send and receive multicast traffic. 

C. They can send and receive traffic over multiple paths. 

D. They support IP routing and ACLs. 

E. They can send and receive unicast traffic. 

F. They support stateful failover. 

Answer: BDE 


QUESTION 862 

Which three values can you use to configure an ERSPAN destination session? (Choose three.) 

A. VLAN ID 

B. source IP address 

C. destination IP address 

D. ID number 

E. VRF 

F. session name 

Answer: BDE 

QUESTION 863 

In IPv6 Path MTU Discovery, which ICMP message is sent by an intermediary router that requires 
a smaller MTU? 

A. Time Exceeded, with code 1 (fragment reassembly time exceeded) 

B. Packet Too Big 

C. Destination Unreachable, with code 4 (the datagram is too big) 

D. Multicast Termination Router 

Answer: B 


QUESTION 864 

Which two operating modes does VPLS support? (Choose two.) 

A. transport mode 

B. strict mode 

C. port mode 

D. loose mode 

E. VLAN mode 

F. dynamic mode 

Answer: CE 


QUESTION 865 

Which IPv6 tunneling mechanism requires a service provider to use one of its own native IPv6 
blocks to guarantee that its IPv6 hosts will be reachable? 

A. 6rd tunneling 
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B. automatic 6to4 tunneling 

C. NAT-PT tunneling 

D. ISATAP tunneling 

E. manual ipv6ip tunneling 

F. automatic 4to6 tunneling 

Answer: A 


QUESTION 867 

Which two discovery mechanism does LDP support? (Choose two.) 

A. strict 

B. extended 

C. loose 

D. targeted 

E. basic 

Answer: BE 


QUESTION 868 

On a network using RIPng, the prefix field of a routing table entry has a value of 0:0:0:0:0:0:0:0. 
What does this value signify? 

A. The next hop address is unknown. 

B. The next hop address is a site-local address. 

C. The neighboring router has IPv6 ND disabled. 

D. The next hop address must be the originator of the route advertisement. 

E. The associated route follows a default route out of the network. 

Answer: E 


QUESTION 869 

Which AS_PATH attribute can you use to prevent loops when implementing BGP 
confederations? 

A. AS_CONFED_SET 

B. AS_SEQUENCE 

C. AS_CONFED_SEQUENCE 

D. AS_SET 

Answer: C 


QUESTION 870 

Which two statements about OSPF are true? (Choose two.) 

A. External type 2 routes are preferred over interarea routes. 

B. Intra-area routes are preferred over interarea routes. 

C. External type 1 routes are preferred over external type 2 routes. 
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D. External type 1 routes are preferred over intra-area routes. 

E. External type 2 routes are preferred over external type 1 routes. 

Answer: BC 


QUESTION 871 

Which two statements about the OSPF two-way neighbor state are true? (Choose two.) 

A. Each neighbor receives its own router ID in a hello packet from the other neighbor. 

B. Each neighbor receives a hello message from the other neighbor. 

C. It is valid only on NBMA networks. 

D. It is valid only on point-to-point networks. 

E. Each neighbor receives an acknowledgement of its own hello packet from the other neighbor. 

F. Each neighbor receives the router ID of the other neighbor in a hello packet from the other 
neighbor. 

Answer: AE 


QUESTION 872 

Which two options are differences between TACACS+ and RADIUS using AAA? (Choose two.) 

A. Only TACACS+ limits the protocols that are supported. 

B. Only RADIUS combines accounting and authentication. 

C. Only TACACS+ uses TCP. 

D. Only RADIUS combines authorization and accounting. 

E. Only RADIUS encrypts the password in packets from the client to the server. But leaves the body 
of the message unencrypted. 

Answer: CE 


QUESTION 873 

Which three responses can a remote RADIUS server return to a client? (Choose three.) 

A. Reject-Challenge 

B. Access-Reject 

C. Accept-Confirmed 

D. Access-Accept 

E. Access-Challenge 

F. Reject-Access 

Answer: BDE 


QUESTION 874 

Which two statements about device access control are true? (Choose two.) 

A. The AUX port is displayed as type tty in the output of the show line command. 

B. VTY lines are associated with physical interfaces on a network device. 

C. MPP restricts device-management access to interfaces that are configured under the control 
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plane host configuration. 

D. The enable password command sets an MD5 one-way encrypted password. 

E. The console port supports hardware flow control 

Answer: CE 


QUESTION 875 

In the DiffServ model, which class represents the highest priority with the lowest drop probability? 

n 

A. AF13 

B. AF43 

C. AF11 

D. AF41 

Answer: D 


QUESTION 876 

Which statement about traffic management when PIM snooping is enabled is true? 

A. Traffic is restricted to host ports. 

B. All multicast traffic is flooded to the designated router. 

C. Join message are flooded to all routers. 

D. Designated routers receive traffic only from groups through which a join message is received. 

Answer: D 


QUESTION 877 

Which two statements about the passive-interface command are true? (Choose two.) 

A. A RIP router listens to multicast updates from its neighbor but stops sending multicast updates 
the passive interface. 

B. In OSPF, configuring passive-interface at the interface level suppresses hello packets for the 
interface and all sub interfaces. 

C. An EIGRP router can form neighbor relationship on the passive interface, but incoming and 
outgoing multicast updates are disabled on the interface. 

D. A RIP router disables all incoming and outgoing multicast updates in the passive interface. 

E. In EIGRP, the passive interface stops sending hello packets. 

F. In OSPF, the passive interface can receive incoming routing updates and update the device 
routing table. 

Answer: AE 


QUESTION 878 

Which component of MPLS architecture uses protocols such as the label distribution protocol and 
tag distribution protocol to exchange labels? 

A. control plane 

B. data plane 
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C. forwarding plane 

D. routing plane 

Answer: A 


QUESTION 879 

Which two methods can you use to limit the range for EIGRP queries? (Choose two.) 

A. Use an access list to deny the multicast address 224.0.0.1 outbound from select EIGRP neighbor 
and permit everything else. 

B. Configure route tagging for all EIGRP routes. 

C. Summarize routes at the boundary routers of the EIGRP domain. 

D. Configure unicast EIGRP on all routers in the EIGRP domain. 

E. Configure stub routers in the EIGRP domain. 

F. Use an access list to deny the multicast address 224.0.0.10 outbound from select EIGRP 
neighbors and permit everything else. 

Answer: CE 


QUESTION 880 

Which two best practices does Cisco recommend to migrate a network from PVST+ to MST? 

(Choose two.) 

A. Start the migration at the edge nodes and work toward the root bridge. 

B. Before starting the transition, configure one of the edge nodes with a lower priority so that it 
becomes the root bridge after the transition. 

C. Before starting the transition, ensure that at least two nodes act as the root bridge for all VLANs in 
the network. 

D. Start the migration at the root bridge and work toward the edge nodes. 

E. Before starting the transition, configure one of the edge nodes with a higher priority so that it 
becomes the root bridge after the transition. 

F. Before starting the transition, ensure that one node is the root bridge for all VLANs in the network. 

Answer: AF 


QUESTION 881 

Which two statements best describes the difference between active mode monitoring and passive 

mode monitoring? (Choose two.) 

A. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled 
into flows by NetFlow. 

B. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the 
current exit WAN link. 

C. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining 
information regarding the characteristics of the WAN links. 

D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN 
links. 

Answer: BD 
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QUESTION 882 

Refer to the exhibit. Which two route types are advertised by a router with this configuration? 
(Choose two.) 

router eigrp 1 
network 10.0.0.0 
eigrp stub 


A. connected 

B. external 

C. summary 

D. static 

E. redistributed 

Answer: AC 


QUESTION 883 

Refer to the exhibit. Which two statements about this egress queue are true? (Choose two.) 



A. The queue 3 buffer is allocated 20 percent, its drop threshold is 100 percent, and it is guaranteed 
400 percent of memory. 

B. The queue 1 buffer is allocated 30 percent, its drop threshold is 25 percent, and it is guaranteed 
100 percent of memory. 

C. The queue 1 buffer is allocated 30 percent, its drop threshold is 100 percent, and it is guaranteed 
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150 percent of memory. 

D. The queue 2 buffer is allocated 30 percent, its drop threshold is 200 percent, and it can use at 
maximum 400 percent of memory. 

E. The queue 3 buffer is allocated 30 percent, its drop threshold is 100 percent, and it can use at 
maximum 400 percent of memory. 

Answer: BD 


QUESTION 884 

Which two statements about the function of PIM designated router are true? (Choose two.) 

A. It registers directly connected source to the PIM rendezvous point. 

B. It sends PIM asserts on the interface of the outgoing interface list. 

C. It sends PIM Join/Prune messages for directly connected receivers. 

D. It forwards multicast traffic from the source into the PIM network. 

E. It sends IGMP queries. 

Answer: AC 


QUESTION 885 

Refer to exhibit. The router is unreachable using telnet. Which option is solution? 


definition 

ard 1:1 '• 1 ■ / j ; i/ ] 

address—family ipv4 

0 . . "t ll 1 , i. !./; •: I* , 

interface GigabitEthei;net|0/O 
vrf fo rwa. x~ciin<j MGMT ‘ , ,\f 


KM* 






1 i 


ip address 192.168.0.1 255.255.255o'| 

i 


ip access-list .standard MGMT 
permit any 
I 

line vty O 4 
access-class MGMT in 
transport input telnet 
output none 


I I U 


>.<apo ,w-i :A I 

1 ;! f Jl!| 

]'■'' 


A. Use an extended access list instead of standard access list. 

B. The transport output telnet command must be added. 

C. The VRF configuration must be completed. 

D. The "vrf-also" keyword must be added to the access-class configuration. 

Answer: D 


QUESTION 886 
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Refer to the exhibit. The Mainl and Branchl switches are connected directly over an MPLS 
pseudowire, and both run UDLD. After router B1 reloads because of a power failure, the 
pseudowire is restored. However, the Branchl switch is unable to reach the Mainl switch. 
Which two actions can you take to restore connectivity and prevent the problem from recurring? 
(Choose two.) 



A. Configure a backup pseudowire between the Mainl and Branchl switches. 

B. Enable UDLD recovery on both the Mainl and Branchl switches. 

C. Configure a backup GRE tunnel between the Mainl and Branchl swiitches. 

D. Enable errdisable recovery on both the Mainl and Branchl switches. 

E. Issue the shutdown and no shutdown commands on both the Branchl switch’s uplink to the B1 
router and the Mainl switch’s uplink to the Ml router. 

F. Issue the shutdown and no shutdown commands on the Branchl switch uplink to the B1 router 
only. 

Answer: DF 


QUESTION 887 

Drag and Drop Question 

Drag and drop the SNMP element on the left to the corresponding definition on the right. 
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Answer: 




QUESTION 888 

Drag and Drop Question 

Drag and drop Layer 2 QoS Commands on the left to the corresponding functions on the right. 


wrr-queue bandwidth 


assigns a queue 



wrr-queue cos-map 


assigns a 6-bit value 



wrr-queue dscp-map 


sets drop values for both the send and receive 
queues 



wrr-queue limit 


sets queue weights 



wrr-queue random-detect 


sets the minimum and maximum WRED threshold 



wrr-queue threshold 


sets the queue-size ratio 


Answer: 
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wrr-queue bandwidth 


wrr-queue cos-map 



wrr-queue cos-map 


wrr-queue dscp-map 



wrr-queue dscp-map 


wrr-queue threshold 



wrr-queue limit 


wrr-queue bandwidth 



wrr-queue random-detect 


wrr-queue random-detect 



wrr-queue threshold 


wrr-queue limit 


QUESTION 889 

In which order of magnitude (time) is delay/latency measured when you use wide metrics in 
EIGRP? 

A. tens of microseconds 

B. picoseconds 

C. mamoseconds 

D. microseconds 

Answer: B 


QUESTION 890 

Which statement about the BGP synchronization rule is true? 

A. A BGP router with synchronization enabled does not advertise its iBGP learned routes to its iBGP 
peers unless it has learned or verified this route on its routing table through an IGP. 

B. A BGP router with synchronization enabled does not advertise its eBGP learned routes to its 
iBGP peers unless it has learned or verified this route on its routing table through an IGP. 

C. A BGP router with synchronization enabled does not advertise its eBGP learned routes to its 
eBGP peers unless it has learned or verified this route on its routing table through an IGP. 

D. A BGP router with synchronization enabled does not advertise its iBGP learned routes to its 
eBGP peers unless it has learned or verified this route on its routing table through an IGP. 

Answer: D 


QUESTION 891 

Which tunnel type can be used with encryption to provide security for IPv6 over IPv4? 

A. 6RD 

B. 6to4 

C. ISATAP 
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D. IPv4-compatible 

E. GRE 

Answer: E 


QUESTION 892 

Which QoS mechanism is used to implement CoPP? 

A. RSVP 

B. rate limiting 

C. FIFO 

D. MQC 

Answer: D 


QUESTION 893 

Which two statements about RIPng are true? (Choose two.) 

A. IPv6 can support as many as 8 equal-cost routes. 

B. IPv6 can support as many as 32 equal-cost routes. 

C. A route with a metric of 15 is advertised as unreachable. 

D. Both inbound and outbound route filtering can be implemented on a single interface. 

E. 16 is the maximum metric it can advertise. 

Answer: DE 


QUESTION 894 

Which statement about the EIGRP SRTT is true? 

A. It is the average time that it takes for a reliable packet to be acknowledged. 

B. It is six time the RTO. 

C. It is the time that it takes for an update to be received by a peer. 

D. It is the time it takes to receive a reply to a query. 

Answer: A 


QUESTION 895 

Which three statements are true about the spanning-tree loop guard feature? (Choose three.) 

A. Loop guard affects UplinkFast operation. 

B. Loop guard can be enabled on PortFast ports. 

C. Loop guard operation is not affected by the spanning-tree timers. 

D. Loop guard must be enabled on point-to-point link only. 

E. Loop guard cannot be enabled on a switch that also has root guard enabled. 

F. Loop guard can detect a unidirectional link. 

Answer: CDE 
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QUESTION 896 

Which attribute enables BGP confederation to prevent loops? 

A. ATOMIC_AGGREGATE 

B. ORIGIN 

C. NEXT HOP 

D. AS-PATH 

Answer: D 


QUESTION 897 

Which three statements are true for a network with 10 switches and 126 segments? (Choose 
three.) 

A. It has 10 designated ports. 

B. It has 63 designated ports. 

C. It has 10 root ports. 

D. It has 9 root ports. 

E. It has 126 designated ports. 

F. It has only one root bridge. 

Answer: DEF 


QUESTION 898 

In a Catalyst 6500 VSS setup, what is the function of RRP? 

A. It determines link integrity and rejects any unidirectional links. 

B. It determines which chassis becomes active and which chassis becomes standby. 

C. It determines which links in an Ether Channel forward traffic. 

D. It prepares the configuration file and brings up the VSL interfaces. 

Answer: B 


QUESTION 899 

Refer to the exhibit. Assume that the distances are set to default. 

Which statement about how the 10.0.0.0 network will reach the 10.1.1.0/24 network is true? 



A. A routing loop will occur. 
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B. Packets will be load balanced. 

C. The path through OSPF will be used. 

D. The path through EIGRP will be used. 

Answer: C 


QUESTION 900 

Refer to the exhibit. Prefix 192.168.1.0/31 is currently two-way ECMP. How can you make 
Ethernet0/0 the preferred path? 


Rl#sho ip route 192.168.1.0 255.255.255.254 
Routing entry for 192.168.1.0/31 

Known via "ospf 1", distance 110, metric 20, type intra area 
Last update from 192.168.1.2 on Ethernet0/0, 00:06:03 ago 
Routing Descriptor Blocks: 

* 192.168.1.4, from 2.2.2.2, 00:31:07 ago, via Ethernetl/0 
Route metric is 20, traffic share count is 1 
192.168.1.2, from 1.1.1.1, 00:06:03 ago, via Ethernet0/0 
Route metric is 20, traffic share count is 1 


A. Increase the OSPF cost of Ethernetl/0 so that the OSPF cost is higher on Ethernetl/0 than on 
Ethernet0/0. 

B. Increase the bandwidth of Ethernetl/0 so that it has a higher bandwidth than EthemetO/O. 

C. Increase the OSPF cost of Ethernet0/0 so that the OSPF cost is higher on Ethernetl/0 than on 
EthernetO/O. 

D. Log in to the router that is connected to Ethernet0/0 and lower the OSPF cost on the interface 
that is connected to Ethernet0/0. 

Answer: A 


QUESTION 901 

Refer to the exhibit. The OSPF adjacency between two routers cannot be established. 
What is the root cause of the problem? 
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□ Open Shortest Path First 

B Open Shortest Path First 

□ OSPF Header 

El OSPF Header 

Version: 2 

Version: 2 

Message Type: Hello Packet (1) 

Message Type: Hello Packet (1) 

Packet Length: 44 

Packet Length: 44 

Source OSPF Router: 10.155.255.1 (10.155.255.1) 

Source OSPF Router: 10.155.255.2 (10.155.255.2) 

Area ID: 0.0.0.10 (0.0.0.10) 

Area ID: 0.0.0.10 (0.0.0.10) 

Checksum: 0x0000 (None) 

Checksum: 0x0000 (None) 

Auth Type: Cryptoqraphic (2) 

Auth Type: Cryptoqraphic (2) 

Auth Crypt Key id: 121 

Auth Crypt Key id: 121 

Auth Crypt Data Lenqth: 16 

Auth Crvpt Data Lenqth: 16 

Auth Crypt Sequence Number: 1421584632 

Auth Crypt Sequence Number: 1421584519 

Auth Crypt Data: 589382284493al312be3511bdf6673cd 

Auth Crypt Data: el35d573c8e2f5e89cd336e80cccf398 

□ OSPF Hello Packet 

□ OSPF Hello Packet 

Network Mask: 255.255.255.0 (255.255.255.0) 

Network Mask: 255.255.255.0 (255.255.255.0) 

Hello Interval [sec]: 10 

Hello Interval [sec]: 10 

□ Options: 0x12 (L, E) 

□ Options: 0x18 (L, NP) 

0.= DN: Not set 

0.= DN: Not set 

.0.=0: Not set 

.0.= O: Not set 

..0.= DC: Demand Circuits are NOT supported 

.. 0.= DC: Demand Circuits are NOT supported 

...1 .... = L: The packet contains LLS data block 

...1 .... = L: The packet contains LLS data block 

_ 0... = NP: NSSA is NOT supported 

.... 1... = NP: NSSA is supported 

.0.. = MC: NOT Multicast Capable 

.0.. = MC: NOT Multicast Capable 

.1. = E : External Routing Capability 

.0. = E : NO External Routing Capability 

.0 = MT: NO Multi-Topoloqy Routing 

.0 = MT: NO Multi-Topoloqy Routing 

Router Priority: 1 

Router Priority: 10 

Router Dead Interval [sec]: 40 

Router Dead Interval [sec]: 40 

Designated Router: 10.155.135.1 (10.155.135.1) 

Designated Router: 10.155.135.2 (10.155.135.2) 

Backup Designated Router: 0.0.0.0 (0.0.0.0) 

Backup Designated Router: 0.0.0.0 (0.0.0.0) 

0OSPF LLS Data Block 

0OSPF LLS Data Block 


A. Both routers are designated routers. 

B. different area ID 

C. mismatched OSPF network types 

D. authentication error 

E. area type mismatch 

Answer: E 


QUESTION 902 

If MPLS label packets are swapped, what happens to the TTL value? 

A. It is preserved. 

B. It is set to 255. 

C. It is decremented. 

D. It is set to zero. 

Answer: C 


QUESTION 903 

Which encapsulation is used when deploying EIGRP OTP? 

A. GRE 

B. LISP 

C. PPP 

D. dotlq 

E. MPLS 

F. ISL 

Answer: B 


QUESTION 904 
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What is the minimum link MTU value for IPv6? 

A. 68 bytes 

B. 1200 bytes 

C. 500 bytes 

D. 1280 bytes 

Answer: D 


QUESTION 905 

Which two statements about VRF-lite are true? (Choose two) 

A. It can increase the packet switching rate. 

B. It supports most routing protocols, including EIGRP, ISIS, and OSPF. 

C. It supports MPLS-VRF label exchange and labeled packets. 

D. It should be used when a customer's router is connected to an ISP over OSPF. 

E. It can support multiple customers on a single switch. 

Answer: DE 


QUESTION 906 

Which two statements about BFD operation are true? (Choose two) 

A. It can detect and bypass failed peers. 

B. It supports asynchronous mode. 

C. It detects failure in the forwarding path between routers over a long duration. 

D. It supports fast peer failure detection independently of the routing protocol. 

E. It provides a high-overhead, shot-duration method of detecting path failures. 

Answer: BD 


QUESTION 907 

Which routing protocol is used on PE routers to exchange VPNv4 routes? 

A. EIGRP 

B. OSPF 

C. MP-BGP 

D. 0SPFv3 

Answer: C 


QUESTION 908 

Which two statements about Cisco IOS software and Cisco IOS-XE software are true? (Choose 
two) 

A. The process lOSd on Cisco IOS-XE software runs all routing protocols. 

B. Cisco IOS-XE software is based on a monolithic architecture. 

C. Cisco IOS software allows processes to use different CPU cores. 
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D. Cisco IOS-XE software uses a hardened BSD version as the base OS. 

E. Cisco IOS-XE software utilizes a separate control and forwarding plane. 

Answer: AE 


QUESTION 909 

Refer to the exhibit. A TCP application in class APP1 is guaranteed bandwidth as shown in the 
exhibit. A UDP-based application is introduced that is also running the DSCP AF31 markings. 

class-map match-all APPl 
match ip dscp af31 

i 

I 

policy-map PROTECT_APPS 
class APPl 

bandwidth 2000 

i 

Which option describes what happens when link congestion occurs and both applications need 
more bandwidth as guaranteed by the bandwidth statement? 

A. UDP dominance occurs, which causes the TCP-based application in class APPl to underperform. 

B. Both applications receive a bandwidth of 2 Mb/s and are best effort within the class APPl. 

C. There is no impact when the UDP-based application is introduced. 

D. Both applications receive a bandwidth of 2 Kb/s and are best effort within the class APPl. 

Answer: A 


QUESTION 910 

Which two options describe the effect of configuring an interface as passive under OSPF? 

(Choose two) 

A. An adjacency cannot be established, and the interface is not included in the routing protocol 
update. 

B. The interface processes OSPF hello packets but does not send hello packets. 

C. An adjacency cannot be established, and the interface is included in the routing protocol update. 

D. The interface processes OSPF hello packets and also sends hello packets. 

E. An adjacency can be established, and the interface is not included in the routing protocol update. 

Answer: BC 


QUESTION 911 

Which feature can be used to block traffic from one host to another within one VLAN on a Layer 2 
switch? 
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A. port security 

B. dotlx 

C. access list 

D. protected ports 

Answer: D 


QUESTION 912 

Refer to the exhibit. Why is interface loopback 0 of R4 missing in the BGP table of R2? 



hostname R2 

'hostname R3 

hostname R4 

1 

router ospf 1 

router ospf 1 

router ospf 1 

network 0.0.0.0 255.255.255.255 area 0 

network 0.0.0.0 255.255.255.255 area 0 

11 

network 0.0.0.0 255.255.255.255 area 0 

1 

router bgp 65001 

router bgp 65001 

router bgp 65001 

no synchronization 

no synchronization 

no synchronization 

bgp cluster-id 3.3.3.3 

network 3.3.3.0 mask 255.255.255.0 

network 4.4.4.0 mask 255.255.255.0 

network 2.2.2.0 mask 255.255.255.0 

neighbor 10.1.23.2 remote-as 65001 

neighbor 10.1.34.3 remote-as 65001 

neighbor 10.1.12.1 remote-as 65105 

neighbor 10.1.34.4 remote-as 65001 

neighbor 10.1.45.5 remote-as 65105 

neighbor 10.1.23.3 remote-as 65001 

neighbor 10.1.34.4 route-reflector-client 

no auto-summary 

no auto-summary 

no auto-summary 




A. R2 is not configured as a route reflector client. 

B. The route is originating in the same cluster list. 

C. The route originated within the same AS. 

D. The next hop is not reachable form R2. 

Answer: A 


QUESTION 913 

Which two statements about static route configuration are true? (Choose two) 

A. They add to the number of routes in the routing table. 

B. The distance command modifies the administrative distance 
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C. The redistribute static command will redistribute classful networks into OSPF. 

D. They add significant overhead to the router CPU. 

E. The ip route static bfd command is used for BFD peer discovery. 

F. The permanent key word allows the route to remain in the route table if the interface goes down. 

Answer: CF 


QUESTION 914 

Which three statements about dotlQ trunking are true? (Choose three) 

A. A trunk port can be a tunnel port. 

B. The default switchport mode is dynamic desirable. 

C. A trunk port can be a secure port. 

D. Trunk ports negotiate encapsulation by default. 

E. Enabling 802.lx on a trunk port results in an error. 

F. The default switchport mode is dynamic auto. 

Answer: AEF 


QUESTION 915 

Which three topologies are standardized by the Metro Ethernet Forum? (Choose three) 

A. E-LAN 

B. VPWS 

C. E-Tree 

D. E-Line 

E. NPE 

F. PNNI 

Answer: ACD 


QUESTION 916 

What are two requirements for BFD static route support? (Choose two) 

A. CEF must be configured on all routers that will carry traffic. 

B. BFD must be configured on all Ethernet, virtual-template, and dialer interfaces that will carry 
traffic. 

C. All routers that will carry traffic must have the same software version. 

D. All routers that will carry traffic must be the same model. 

E. Parameters must be configured on all routers that will carry traffic. 

F. Parameters must be configured on all interfaces that will carry traffic. 

Answer: AF 


QUESTION 917 

Which two statements about marking fields are true? (Choose two) 
A. The IP Precedence field is in the IP header and is 4 bits long. 
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B. The Frame Relay DE field is in the IP header and is 1 bit long. 

C. The 3 priority bits are in 802.1 Q/P. 

D. The IP DSCP field is in the IP header and is 6 bits long. 

E. The ToS 6 bits are in the IP header. 

Answer: CD 


QUESTION 918 

Which three options describe characteristics of a link state routing protocol? (Choose three) 

A. It uses cost in the metric calculation to determine the best path. 

B. It uses hop count in the metric calculation to determine the best path. 

C. It provides faster convergence as opposed to distance vector routing protocols. 

D. It is better in detecting suboptimal routing. 

E. It is topology driven and has an overall overview of the network. 

F. It only has a neighbor routing table. 

Answer: ACE 


QUESTION 919 

Refer to the exhibit. When attempting to use Telnet to connect to 192.168.5.5, you received the 
given error message. Which configuration change is most likely to correct the problem? 

ABC-l#telnet 192.168.5.5. 

% telnet connections not permitted from this terminal 

A. Remove protocol filtering on 192.168.5.5 

B. Configure the VTY lines to allow Telnet as a transport output. 

C. Configure ACL on the control plane interface of ABC-1, to allow TCP connections to port 21. 

D. Configure the VTY lines to allow Telnet as a transport input. 

E. Configure the AUX port to allow Telnet as a transport output. 

Answer: B 


QUESTION 920 

Which three features are supported by PIMv6? (Choose three) 

A. embedded RP 

B. MSDP 

C. Auto-RP 

D. sparse mode 

E. SSM 

F. dense mode 

Answer: ADE 


QUESTION 921 

How is traffic directed to a 6RD tunnel interface from the native IPv6 Internet? 
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A. Traffic is routed to the 6RD gateway of the ISP and encapsulated over IPv4 to the tunnel 
interface. 

B. Traffic is sent encapsulated in IPv4 from the native IPv6 host directly to the tunnel interface. 

C. Traffic is routed to the nearest public gateway and encapsulated over IPv4 to the tunnel interface. 

D. Traffic is routed to the nearest public relay and encapsulated over IPv4 to the tunnel interface. 

Answer: C 


QUESTION 922 

Which function does PHP perform? 

A. popping the top label one hop before the egress LSR 

B. popping the top label at the egress LSR 

C. popping the bottom label one hop before the egress LSR 

D. popping the bottom label at the egress LSR 

E. popping the two topmost labels one hop before the egress LSR 

F. popping the two bottommost labels one hop before the egress LSR 

Answer: A 


QUESTION 923 

Which packet is sent out by the DIS in IS-IS? 

A. LSP 

B. PSNP 

C. CSNP 

D. LSDB 

Answer: C 


QUESTION 924 

Refer to the exhibit. Which statement is true? 

P$show ip route multicast 
Routing Table: multicast 

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks 
10.1.1.0/24 is directly connected, Ethernetl/O 

10.1.1.4/32 is directly connected, Ethernetl/O 

10.1.2.4/32 is directly connected, Ethernet2/0 

10.1.3.4/32 is directly connected, Ethernet3/0 

+ 10.100.1.1/32 [110/111 via 10.1.1.1, 00:02:56, Ethernetl/O 

♦ 10.100.1.2/32 [110/11J via 10.1.2.2, 00:02:56, Ethernet2/0 

+ 10.100.1.3/32 [110/11) via 10.1.3.3, 00:02:56, Ethernet3/0 

10.100.1.4/32 is directly connected, LoopbackO 


C 

L 

L 

L 

0 

O 

o 

c 


A. The "+" indicates that the routes will be removed after a times expires. 

B. The "+" indicates that the routes were added through multicast static route. 
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C. The "+" indicates that the routes are replicated routes from the unicast RIB. 

D. The "+" indicates that the routes are SAFI 2 routes. 

Answer: C 


QUESTION 925 

Which three actions can you take to mitigate excessive unicast packet flooding? (Choose three) 

A. Configure a switchport for trunking mode. 

B. Enable spanning tree portfast. 

C. Configure storm control. 

D. Configure switchport blocking. 

E. Create a native VLAN. 

F. Configure a switchport for protected mode. 

Answer: BCD 


QUESTION 926 

Refer to the exhibit. Which option describes how a device with this configuration applies traffic 
matching? 

R2 (conf ig) #class-map rr.at.ch qos 
R2(config-cmap)#match access-group 8 
R2(config-cmap)#match dscp EF 

A. It matches traffic in ACL 8 that has a DCSP marking of EF. 

B. It matches all traffic that has QoS markings. 

C. It matches all traffic in ACL 8 and all traffic that has a DSCP marking of EF. 

D. It matches all traffic that has a DSCP marking of EF. 

E. It matches all traffic in ACL 8. 

Answer: A 


QUESTION 927 

Which information does RA guard use to determine if an RA is allowed? 

A. a trusted binding-table database generated from RS messages. 

B. information output from IPv6 snooping. 

C. a trusted binding-table database generated from ND messages. 

D. manually configured trust sources. 

Answer: D 


QUESTION 928 

Which two statements are true about DAI? (Choose two) 
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A. A valid binding in the database takes precedence over an ARP ACL. 

B. The switch intercepts and checks ARP traffic on trusted and untrusted ports. 

C. DAI uses the ARP table to determine the validity of the IP to MAC bindings. 

D. DAI ensures that only valid ARP requests and responses are relayed. 

E. DAI uses the DHCP snooping binding database to determine the validity of the IP to MAC 
bindings. 

Answer: DE 


QUESTION 929 

What are the minimum requirements for Cisco PfR to provide routing control? 

A. one master controller, two border routers, two internal interfaces, and two external interfaces 

B. one master controller, one border router, one internal interface, and two external interfaces. 

C. one master controller, two border router, one internal interface, and one external interface. 

D. one master controller, one border router, two internal interfaces, and one external interface. 

E. two master controllers, one border router, one internal interface, and one external interface. 

Answer: B 


QUESTION 930 

Which GET VPN component maintains security policies? 

A. group member 

B. CE 

C. P 

D. key server 

E. PE 

F. GDOI 

Answer: D 


QUESTION 931 

Which enhancement does IGMP version 3 offer over IGMP version 2? 

A. support for Source Specific Multicast 

B. a mechanism to decrease leave latency 

C. authentication of multicast streams 

D. backward compatibility with IGMP version 1 

Answer: A 


QUESTION 932 

Which two statements about VPLS are true? (Choose two) 

A. The service provider provisions CE devices. 

B. It transmits broadcast traffic more efficiently than Ethernet switches. 

C. It uses broadcast replication to transmit Ethernet packets with multicast MAC addresses. 
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D. It enables CE devices to operate as part of an L3 VPN. 

E. It enables CE devices on different networks to operate as if they were in the same LAN. 

F. It enables PE and CE devices to operate as if they were routing neighbors. 

Answer: CE 


QUESTION 933 

What is the default IS-IS interface metric on a Cisco router? 

A. 128 

B. 64 

C. 10 

D. 255 

Answer: C 


QUESTION 934 

Refer to the exhibit. Which two technologies allow the Host MAC address to be visible to Host A? 
(Choose two) 



MPLS 


A. L2TPv3 

B. AToM 

C. MPLS Layer 3 VPN 

D. GRE tunneling 

E. LISP tunneling 

F. 802.3ad 

Answer: AB 


QUESTION 935 

Refer to the exhibit. The PC is experiencing intermittent connectivity failures to the internet. 
If ADSL-R1 uses a PPPoE connection, what action can you take to correct the problem? 
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ADSL-R1 

interface Dialerl 

dialer pool 1 

encapsulation ppp 

ip address negotiated 

ip ospf 1 area 0 

interface GigabitEthemetO/1 

pppoe-client dial-pool-number 1 



A. Configure the same OSPF process on HomeRI and HomeSI. 

B. Configure an MTU of 1492 on the dialer interface on ADSL-R1. 

C. Configure OSPF on the connection between PCI and HomeSI. 

D. Configure a system MTU of 1512 on ADSL-R1. 

E. Replace the dialer interface with a virtual template. 

Answer: B 


QUESTION 936 

Refer to the exhibit. Which kind of ICMPv6 packet is shown in the output? 

I Ethernet II, Src: D-Link_ac:fe:56 (00:50:ba:ac:fe:56), Dst: IPv6-Neighbor-Discovery_ff:84:18:d9 (33:33:ff:84:18:d9) 
I I Destination: IPv6-Neighbor-Discovery_ff:84:18:d9 (33:33:ff:84:18:d9) 

Address: IPv6-Neighbor-Discovery_ff:84:18:d9 (33:33:ff:84:18:d9) 

.1.= Multicast: This is a MULTICAST frame 

.1.= Locally Administrated Address: This is NOT a factory default address 

0 Source: D-Link_ac:fe:56 (00:50:ba:ac:fe:56) 

Address: D-Link_ac:fe:56 (00:50:ba:ac:fe:56) 

.0.= Multicast: This is a UNICAST frame 

.0.= Locally Administrated Address: This is a FACTORY DEFAULT address 

Type: IPv6 (0x86dd) 

Internet Protocol Version 6 
Version: 6 
Traffic class: 0x00 
Flowlabel: 0x00000 
Payload length: 32 
Next header: ICMPv6 (0x3a) 

Hop limit: 255 

Source address: fe80::250:baff:feac:fe56 
Destination address: ff02::l:ff84:18d9 
Internet Control Message Protocol v6 
Type: 135 
Code: 0 

Checksum: 0xc92d [correct] 

Target: fe80::20e:cff:fe84:18d9 
0 ICMPv6 options 

Type: 1 (Source link-layer address) 

Length: 8 bytes (1) 

Link-layer address: 00:50:ba:ac:fe:56 

A. neighbor advertisement 

B. neighbor solicitation 

C. router discovery 

D. time exceeded 

E. router advertisement 

Answer: B 
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QUESTION 937 

Which statement is true about PIM? 

A. PIM SM uses shared trees. 

B. In Bidir-PIM, sources register to RP as in PM SM. 

C. The PIM DM flood and prune process is repeated every five minutes. 

D. PIM SM mode, by default, always forwards multicast traffic on shared tree. 

Answer: A 


QUESTION 938 

Which two statements are true about control plane policing? (Choose two.) 

A. Control plane policing will affect only traffic that is destined to the route processor. 

B. Access lists that are used in policies for control plane policing must not use the log keyword. 

C. Access lists that use the deny rule in control plane policing do not progress to the next class. 

D. The log keyword can be used but the log-input keyword must not be used in policing. 

Answer: AB 


QUESTION 939 

Which two security risks can occur with PMTUD? (Choose two) 

A. An attacker can block valid Datagram Too small messages, to cause a DDos. 

B. An attacker can block valid Datagram Too small messages, to cause a Dos. 

C. An attacker can slow data flow by sending false messages that indicate that the PMTU is 
significantly smaller than the true PMTU. 

D. An attacker can cause data lost by sending false messages that indicate that the PMTU is 
significantly smaller than the true PMTU. 

E. An attacker can cause data lost by sending false messages that indicate that the PMTU is 
significantly larger than the true PMTU. 

F. An attacker can slow data flow by sending false messages that indicate that the PMTU is 
significantly larger than the true PMTU. 

Answer: BD 


QUESTION 940 

Which three statements about BGP soft reconfiguration are true? 

A. Outbound soft reconfiguration stores an additional copy of the routes advertised to a neighbor 
before routing policies take effect. 

B. Inbound soft reconfiguration stores an additional copy of the routes received from a neighbor 
before routing policies take effect. 

C. Outbound soft reconfiguration requires additional configuration on the BGP neighbor. 

D. Inbound soft reconfiguration requires additional configuration on the BGP neighbor. 

E. Outbound soft reconfiguration requires additional memory. 

F. Inbound soft reconfiguration requires additional memory. 

Answer: BDF 
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QUESTION 941 

Which option describes the purpose of the no ip next-hop-self eigrp configuration line in DMVPN 
deployment? 

A. It allows the spoke routers to change the next hop value when sending EIGRP updates to the hub 
router. 

B. It enables EIGRP to dynamically assign the next hop value based on the EIGRP database. 

C. It preserves the original next hop value as learned by the spoke routers. 

D. It preserves the original next hop value as learned by the hub routers. 

E. It allows the spoke routers to change the next hop value when sending EIGRP updates to the 
spoke router. 

Answer: C 


QUESTION 942 

Which option describes the effect of the command ip route vrf DMZ 192.168.0.0 255.255.0.0 

172.16.5.5 global? 

A. It creates a static route in the global routing table for 192.168.0.0 255.255.0.0, and the next hop is 
in the VRF DMZ. 

B. It creates a static route in the global routing table for 192.168.0.0 255.255.0.0 and the next hop is 
in the global routing table. 

C. It creates a static default route in the VRF DMZ; and the next hop is in the global routing table. 

D. It creates a static route in the VRF DMZ for 192.168.0.0 255.255.0.0, and the next hop is in the 
VRF DMZ. 

E. It creates a static route in the VRF DMZ for 192.168.0.0 255.255.0.0, and the next hop is in the 
global routing table. 

Answer: E 


QUESTION 943 

Which two statements about private VLAN communications are true? (Choose two) 

A. Primary VLAN traffic is passed across trunk interfaces. 

B. Isolated ports communicate with other isolated ports. 

C. Promiscuous ports communicate with all other ports. 

D. Promiscuous ports connect only to routers. 

Answer: AC 


QUESTION 944 

What are the two Cisco recommended methods for reducing the size of the TCAM on a Layer 3 
switch? 

A. Use the ip route profile command. 

B. Adjust the output queue buffers. 

C. Filter unwanted routes. 

D. Optimize the SDM template. 
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E. Use summary routes. 

Answer: CE 


QUESTION 945 

You are performing a system diagnostics on a CSU in local loop mode and notice that the 
mineseen counter has failed to increment. Which type of problem does this behavior indicate? 

A. a cabling problem 

B. an encoding problem 

C. a framing problem 

D. a timing problem 

Answer: D 


QUESTION 946 

Refer to the exhibit. Which two statements about the device configuration are true? (Choose two) 

Routerfshow management-interface 
Management interface GiqabitEtherentO/1 
Protocol Packets processed 
Ssh 983 

Snmp 1275 

A. The device has control-plane protection enabled. 

B. The device implicitly allows Telnet connections. 

C. The GigabitEthernetO/1 interface of the device allows incoming SSH and SNMP connections. 

D. The device has management-plane protection enabled. 

E. The device allows SSH connections to its loopback interface. 

Answer: CD 


QUESTION 947 

Which three fields are present in the IPv6 header? (Choose three) 


A. Next Header 

B. Traffic Class 

C. Options 

D. Time to Live 

E. Flags 

F. Flow Label 


Answer: ABF 


QUESTION 948 
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Refer to the exhibit. Which two statements can this output verify? (Choose two) 

EIGRP-IPv4 neighbors for process 99 


H 

Address 

Interface 

Hold Uptime 
(sec) 

SRTT 

(ms) 

RTO 

0 

Cnt 

Seq 

Num 

0 

192 . 168 .252.8 

Gil/13 

14 00:00:28 

1 

200 

0 

5 


Restart time 00:00:24 

Version 12.2/3.0, Retrans: 1, Retries: 0 
Topology-ids from peer - 0 


A. The device will wait 200 ms before retransmitting an EIGRP packet. 

B. The device must receive an EIGRP packet within 24 seconds to maintain a neighbor relationship. 

C. The EIGRP neighbor has been up for 28 seconds. 

D. The device must receive an EIGRP packet within 28 seconds to maintain a neighbor relationship. 

E. The device will tear down and restart its EIGRP process in 24 seconds. 

F. The EIGRP neighbor has been up for 28 ms. 

Answer: AC 


QUESTION 949 

Which two methods does Cisco IOS XE use to implement separation between the data plane and 
control plane? (Choose two) 

A. the FED 

B. a Linux-based CPU scheduler to efficiently manage the control and data planes. 

C. separates FFM-spawned subshells in the Linux kernels for the control plane and the data plane. 

D. a set of APIs to manage data plane processes 

E. a set of APIs to manage control plane processes 

Answer: AE 


QUESTION 950 

Which two configuration options are available for PIM snooping? (Choose two) 

A. on a specific interface on the device 

B. under the SVI for the corresponding VLAN 

C. on a range of interfaces on the device 

D. under the VLAN in VLAN configuration mode 

E. globally on the device 

Answer: BE 


QUESTION 951 

Which statement best describes IPv6 RA Guard? 

A. It redirects authorized device hello messages. 

B. It filters authorized IPv6 device advertisements on a link. 

C. It blocks unexpected IPv6 router announcements on a link. 

D. It validates ingress hello messages on a port. 
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Answer: C 


QUESTION 952 

Which two options are restrictions of BGP ORF? (Choose two) 

A. It can be used only with IPv4 multicast. 

B. It requires access lists to match routes. 

C. It can be used only with eBGP. 

D. Multicast is not supported. 

E. It can be used only with iBGP. 

Answer: CD 

QUESTION 953 

Which two statements about PIM snooping are true? (Choose two) 

A. It floods join and prune messages on all router ports. 

B. It requires designated forwarder election messages. 

C. When PIM snooping is enabled, the switch allows all multicast packets for each IP multicast 
group to send multicast packets to multicast router. 

D. It requires RGMP to be enabled on the VLAN. 

E. It requires IGMP snooping to be enabled on the switch. 

F. The ip pirn snooping command is an interface-level command. 

Answer: BE 


QUESTION 954 

Refer to the exhibit. Which two options are two problems that can occur with this configuration? 
(Choose two) 
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imp access-list standard LOOPBACK-ONLY 
permit 172.16.1.0 0.0.0.255 
interface loopbackO 

ip address 172.16.1.1 255.255.255.255 
interface GigabitEthernetO/O 

ip address 10.0.0.1 255.255.255.0 
load-interval 30 
mpls ip 
router ospf 1 

router-id 172.16.1.1 
network 10.0.0.1 0.0.0.0 area 0 
network 172.16.1.1 0.0.0.0 area 0 
mpls ldp neighbor 172.16.99.1 password cisco 
mpls ldp discovery targeted-hello accept 
mpls ldp advertise-labels for LOOPBACK-ONLY 


ip access-list standard LOOPBACK-ONLY 
permit 172.16.1.0 0.0.0.255 
permit 10.0.0.0 0.255.255.255 
int loopbackO 

ip address 172.16.99.1 255.255.255.255 
interface GigabitEthernet0/0 

ip address 10.0.0.2 255.255.255.0 
load-interval 30 
mpls ip 
router ospf 1 

routes id 172.16.99.1 
network 10.0.0.1 0.0.0.0 area 0 
network 172.16.99.1 0.0.0.0 area 0 
mpls ldp neighbor 172.16.1.1 password cisco 
mpls ldp discovery targeted-hello accept 
mpls ldp advertise-labels for LOOPBACK-ONLY 


A. The MPLS path from R1 to R5 becomes unreachable. 

B. R1 and R5 are unable to establish an LDP relationship. 

C. The label for the R1 loopback address is filtered from other MPLS routers. 

D. The label for the R5 loopback address is filtered from other MPLS routers. 

E. MPLS traffic from R1 to R5 takes a suboptimal path. 

Answer: AD 


QUESTION 955 

Which statement about Type-4 LSA in OSPFv2 is true? 

A. It is present only in the backbone area. 

B. It is generated by each ABR and forwarded in non-stub areas. 

C. It is forwarded in NSSA areas. 

D. It is generated by the ASBR and forwarded throughout the whole OSPF domain. 

Answer: B 


QUESTION 956 

Which two statements about OSPF route filtering are true? (Choose two) 

A. It can be based on the source router ID. 

B. It can be based on the external route tag. 

C. It affects LSA flooding. 
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D. It can be based on the as-path. 

E. It can be based on distance. 

Answer: AB 


QUESTION 957 

Refer to the exhibit. Which statement about the R3 network environment is true? 


R3#sho ip route 

Gateway of last resort is not set 




10 . 

O.O.i 

0/8 

is 

variably subnetted, 7 subnets, 2 masks 


0 



10 . 

12 . 

12 . 

0/24 

[110/2] via 

10.32.32.2, 00:02:44, 

FastEthernet2/1 

0 

E2 


10 . 

14 . 

14 . 

0/24 

[10/20] via 

10.32.32.2, 00:01:47, 

FastEthernet2/1 

c 



10 . 

23 . 

23 . 

0/24 

is directly 

connected, FastEthernet0/0 

I 



10. 

23 . 

23. 

3/32 

is directly 

connected, FastEthernet0/0 

c 



10. 

32 . 

32. 

0/24 

is directly 

connected, FastEthernet2/1 

I 



10. 

32 . 

32. 

3/32 

is directly 

connected, FastEthernet2/1 

0 



10 . 

42 . 

42. 

0/24 

[110/2] via 

10.32.32.2, 00:03:16, 

FastEthernet2/1 



172 

. 16 . I 

0.0/16 

is variably subnetted, 14 subnets, 2 masks 

0 



172 

. 16 

.1. 

1/32 

[110/3] via 

10.32.32.2, 00:02:34, 

FastEthernet2/1 

R 



172 

. 16 

.2. 

0/24 

[120/1] via 

10.32.32.2, 00:00:25, 

FastEthernet2/1 







[120/1] via 10 

.23.23.2, 00:00:28, FastEthernet0/0 

0 



172 

. 16 

.2. 

2/32 

[110/2] via 

10.32.32.2, 00:03:16, 

FastEthernet2/1 

C 



172 

. 16 

.3. 

0/24 

is directly 

connected, Loopback30 


I 



172 

. 16 

.3. 

3/32 

is directly 

connected, Loopback30 


0 



172 

. 16 

.4. 

4/32 

[110/3] via 

10.32.32.2, 00:03:16, 

FastEthernet2/1 

0 



172 

. 16 

.10 

. 1/32 

[110/3] via 

10.32.32.2, 00:02:34, 

FastEthernet2/1 

0 



172 

. 16 

.14 

. 4/32 

[110/3] via 

10.32.32.2, 00:03:16, 

FastEthernet2/1 

0 

E2 


172 

.16 

.20 

.0/24 

[10/20] via 

10.32.32.2, 00:01:47, 

FastEthernet2/1 

c 



172 

.16 

.23 

.0/24 

is directly 

connected, LoopbacklO 


0 



172 

.16 

.23 

.2/32 

[110/2] via 

10.32.32.2, 00:03:16, 

FastEthernet2/1 

I 



172 

.16 

.23 

.3/32 

is directly 

connected, LoopbacklO 


c 



172 

.16 

.32 

.0/24 

is directly 

connected, Loopback20 


L 



172 

. 16 

.32 

.3/32 

is directly 

connected, LoopbacK20 



A. 172.1.20.0/24 has an administrative distance of 20. 

B. RIP, OSPF and IS-IS are running. 

C. OSPF external routes are preferred over OSPF internal routes. 

D. The administrative distance for 172.16.X.X addresses is 110. 

Answer: C 


QUESTION 958 

What are IPv6 addresses of the form FC00::/7 known as? 

A. unique local addresses 

B. transition addresses for 6to4 

C. link-local addresses 

D. multicast RP addresses 
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Answer: A 


QUESTION 959 

Which two statements are correct about route redistribution? (Choose two) 

A. Redistributing the entire BGP table from the Internet works well when using multiple OSPF areas. 

B. iBGP is used within the AS to carry eBGP attributes that otherwise would be lost if eBGP was 
redistributed into IGP. 

C. The unequal cost multipath load-balancing characteristic is lost when redistributing OSPF into 
EIGRP. 

D. IS-IS does not support Layer 2 routes leaking into a Layer 1 domain. 

E. Mutual redistribution at multiple points can create a routing loop. 

Answer: BE 

QUESTION 960 

Which two conditions are required for tracking the interface IP routing state? (Choose two) 

A. A VRF must be enabled on the interface. 

B. IP routing must be disabled on the interface. 

C. Cisco Express Forwarding must be disabled on the interface. 

D. The interface line protocol must be up. 

E. A known IP address must be configured on the interface. 

Answer: DE 


QUESTION 961 

Which two statements about asymmetric routing are true? (Choose two) 

A. It can cause packet loss over stateful ICMP and UDP connections. 

B. It can cause packet loss when a stateful firewall is in use. 

C. It can cause TCP connections to close. 

D. It can cause packet loss when NAT is in use. 

E. It is uncommon in large networks. 

Answer: BD 


QUESTION 962 

Which two methods do IPsec VTIs use to identify and transmit encrypted traffic through the 
tunnel? (Choose two) 

A. object groups 

B. ACLs 

C. dynamic routing 

D. static routing 

E. NAT 

Answer: CD 
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QUESTION 963 

Which two statements about the STP dispute function are true? (Choose two) 

A. It compares the downstream port states reported in received BPDUs. 

B. The upstream switch uses received BPDUs to detect unidirectional link failures. 

C. The downstream switch uses received BPDUs to detect unidirectional link failures. 

D. When a designated port detects a conflict, it changes its role by reverting to a discarding state. 

Answer: AB 


QUESTION 964 

What does the DIS on a LAN periodically transmit in multicast to ensure that the IS-IS link-state 
database is accurate? 

A. ISH 

B. CSNP 

C. IIH 

D. PSNP 

E. LIP 

Answer: B 


QUESTION 965 

What is used to acknowledge the receipt of LSPs on a point-to-point network in IS-IS? 

A. hello 

B. CSNP 

C. PSNP 

D. IIH 

E. CSH 

Answer: C 


QUESTION 966 

Which three technologies can be used to implement redundancy for IPv6? (Choose three) 

A. IPv6 NA 

B. NHRP 

C. HSRP 

D. DVMRP 

E. GLBP 

F. IPv6 RA 

Answer: CEF 


QUESTION 967 

Which three values are used to generate a unique bridge ID for each VLAN in PVST+? (Choose 
three) 
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A. port cost 

B. max age 

C. spanning-tree MAC address 

D. port priority 

E. switch priority 

F. extended system ID 

Answer: CEF 


QUESTION 968 

When is it useful to disable split horizon on an EIGRP interface? 

A. Disable it when you want to provide additional backup paths in your network. 

B. Disable it when you want to send routes that are learned from another routing protocol to peer on 
the same interface. 

C. Disable it when you need to send updates to peers on the interface on which the updates were 
received. 

D. It is never advisable to disable split horizon on an EIGRP interface. 

Answer: C 


QUESTION 969 

Which BGP attribute is used to influence inbound traffic? 

A. weight 

B. origin 

C. multi-exit discriminator 

D. local preference 

Answer: C 


QUESTION 970 

Refer to the exhibit. Which two statements about this CoS mapping are true? (Choose two) 


wrr-queue cos-map 1223 


A. It maps the second queue and first threshold to CoS 2. 

B. It maps the first queue and first threshold to CoS 2 and CoS 3. 

C. It maps CoS values to the transmit queue threshold. 

D. It maps the second threshold to CoS and CoS 3. 

E. It maps the second queue and first threshold to CoS 3. 

Answer: CD 


QUESTION 971 

Refer to the exhibit. Between which routers is an LDP session established? 
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mpls label protocol ldp 

interface FastEthernetO/O 

description CONNECT! ON_TO_R1 

ip address 10.10.10.2 255.255.255.252 

duplex auto 

speed auto 

mpls ip 


mpls label protocol ldp 

mpls ldp router-id FastEthernetO/1 force 

interface FastEthernetO/O 

description CONNECT! ON_TO_R 2 

ip address 10.10.10.1 255.255.255.252 

duplex auto 

speed auto 

mpls ip 

interface FastEthernetO/1 

description CONNECT!ON_T0_R3 

ip address 10.10.10.9 255.255.255.252 

duplex auto 

speed auto 

mpls ip 


mpls label protocol ldp 

interface FastEthernetO/0 

description CONNECT!ON_TO_R1 

ip address 10.10.10.10 255.255.255.252 

duplex auto 

speed auto 

mpls ip 


A. R1 and R3 

B. R1, R2 and R3 

C. R2 and R3 

D. R1 and R2 

Answer: D 


QUESTION 972 

Which Cisco PfR monitoring mode is recommended for Internet edge deployments? 

A. active mode 

B. active throughput mode 

C. fast mode 

D. passive mode 

Answer: D 


QUESTION 973 

Which IP SLA operation requires Cisco endpoints? 

A. UDP Jitter for VoIP 

B. ICMP Path Echo 

C. ICMP Echo 

D. UDP Jitter 

Answer: A 


QUESTION 974 

Refer to the exhibit. Which two actions can you take to allow the network 172.29.224.0/24 to be 
reachable from peer 192.168.250.53? (Choose two) 
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R1 

ip community-list 10 permit 64512:100 64512:200 645212:41650 64513:1220 

route—map INTERNET-OUT permit 10 
match community 10 

router bgp 64512 

no synchronization 

neighbor INTERNET peer-group 

neighbor INTERNET remote—as 64513 

neighbor INTERNET password clsCO 

neighbor 192.168.250.53 peer—group INTERNET 

address—family ipv4 

no synchronization 

neighbor INTERNET send—community both 
neighbor INTERNET route-map INTERNET—OUT out 

Rl#show bgp 172.29.224.0 

BGP routing table entry for 172.29.224.0/24, version 607252621 

Paths: (1 available, best #1, table default) 

Multipath: eBGP 1BGP 

Advertised to update—groups: 

3 4 7 

53739 

10.10.153.12 from 10.10.153.120 (10.10.153.12) 

Origin IGP, metric 0, localpref 130, valid, external, best 

Community: 64512:555 64513:200 64513:53090 64512:64002 64513:64090 

A. Modify the community list to match communities 64513:69040 attached to 172.29.224.0/24. 

B. Configure soft reconfiguration to peering 192.168.250.53. 

C. Modify the outbound route map to permit all additional traffic. 

D. Configure additional address families to peering 192.168.250.53. 

E. Modify the inbound route map to permit all additional traffic. 

F. Modify the community list to match community 64513:64090 attached to 172.29.224.0/24. 

Answer: CF 


QUESTION 975 

Which two statements about the spanning-tree timers in a switched network are true? (Choose 
two) 

A. After receiving a BPDU from the root bridge, a non-root bridge waits for the hello interval before 
forwarding it out. 

B. The root bridge sends out a TCN every max-age interval. 

C. The root bridge sends out a configuration BPDU every hello interval. 

D. The default hello time is two seconds. 

Answer: CD 


QUESTION 976 

Drag and Drop Question 

Drag each statement about IPv6 tunneling on the left to the matching IPv6 tunneling on the right. 
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Supports inter-site connections 

6to4 

i 

Supports intra-site connections. 

1 ZZ 1 

The IPv4 address has a dynamic location in the 

IPv6 header 



The IPv4 address is embedded in the prefix 


Uses a modified EUI-64 format for the prefix 


Uses flexible prefix format requirements 


ISATAP 


6R0 


Answer: 


Supports inter-site connections 

6to4 

Supports intra-site connections. 

Supports inter-site connections 


The IPv4 address is embedded in the prefix 

The IPv4 address has a dynamic location in the 

IPv6 header 




The IPv4 address is embedded in the prefix 

Supports intra-site connections. 

Uses a modified EUI-64 format for the prefix 

Uses a modified EUI-64 format for the prefix 


Uses flexible prefix format requirements 


con 


6R0 


The IPv4 address has a dynamic location in the 
IPv6 header 


Uses flexible prefix format requirements 


QUESTION 977 

Drag and Drop Question 

Drag and drop the description on the left to the correct EIGRP term in the right. 



Answer: 
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reported metric to the neighbor router 

p- 

total metric along a path to the destination as 

(best metric along a path to the destination including 

lithe metric to the neighbor 

l - : i 

best metnc along a path to the destination including 

I. 1 1 r 

best metric along a path to the feasible successor 

jthe metric to the neighb^^ 

j path with a reported distance lower than the feasible 1 

distance 

path with a reported distance lower than the feasible 
distance _1 

total metric along a path to the destination as 
advertised hyjhe.upstream r>einhhnr 


QUESTION 978 

Drag and Drop Question 

Drag and drop each BGP attribute on the left into the priority order in which the attributes are 
preferred when determining the best path on the right. 


highest LOCAL_PREF 

First 

highest WEIGHT 

Second 

locally originated path 

Third 

lowest MED 

Fourth 

lowest origin type 

Fifth 

shortest AS_PATH 

Sixth 


Answer: 


highest LOCAL PREF 

highest WEIGHT 

highest WEIGHT 

.... ■ —.. ——.. J 

highest LOCAL_PREF 

locally originated path 

locally originated path 

lowest MED 

shortest AS_PATH 

lowest origin type 

lowest origin type 

shortest AS_PATH 

lowest MED 




QUESTION 979 

What is the function of the rendezvous point in PIM? 

A. It acts as a shared root for a multicast tree. 

B. It is the main source of the multicast traffic. 

C. It redistributes the multicast configuration to its connected neighbors. 

D. It will redistribute the unicast routes to avoid an RPF failure. 

Answer: A 
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QUESTION 980 

What can PfR passive monitoring mode measure for UDP flows? 

A. throughput 

B. loss 

C. reachability 

D. delay 

Answer: A 


QUESTION 981 

When do summary black holes occur in EIGRP? 

A. when the summary is removed due to the last component disappearing 

B. when a summary is created for security purposes to draw undesired traffic to a termination point 

C. when a summary is advertised that contains components that the advertising router cannot reach 

D. when components of the summary are present at multiple summary points 

Answer: C 


QUESTION 982 

What are two pieces of information that can be transmitted via Multiprotocol BGP? (Choose two) 

A. MPLS VPN routes 

B. Level 1/Level 2 routers set the overload-bit. 

C. multicast sources 

D. IS-ISLSAs 

E. Level 2 routers set the attached bit. 

F. OSPF routes 

Answer: AC 


QUESTION 983 

Which two statements about Cisco IOS XE are true? (Choose two) 

A. Separate images are required for platform-dependent code. 

B. Its functions run as multiple separate processes in the OS. 

C. It uses a service blade outside Cisco IOS XE to integrate and run applications. 

D. It is deployed in a Linux-based environment. 

E. The FED feature provides separation between the control plane and the data plane. 

Answer: BD 


QUESTION 984 

Which two factors can reduce NBAR2 performance? (Choose two) 
A. queuing 
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B. multiple NBAR2-enabled interfaces 

C. slow link speeds 

D. stateful protocol matches 

E. short-duration flows 

Answer: DE 


QUESTION 985 

Which encryption algorithm is enabled by the Cisco IOS command service password-encryption ? 

A. MD5 

B. Cisco Type-5 

C. Cisco AES 

D. Cisco Type-7 

E. TKIP 

Answer: D 


QUESTION 986 

Which two options are requirements for AToM support? (Choose two) 

A. Cisco Express Forwarding must be disabled. 

B. MPLS must be configured with an LSP in the SP core. 

C. MPLS must be enabled between the PE and CE routers. 

D. The PE routers must be able to communicate with each other over IP. 

E. IP routing must be configured between the PE and CE routers. 

Answer: BD 


QUESTION 987 

Drag and Drop Question 

Drop each eigrp packet type on the left to the matching description on the right. 
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lrop each EIGRP packet type on the left to the matching description on the right. 

ACK 


a packet that aids fast convergence 



Hello 


a packet that confirms reachability 



Query 


a packet that is used to find neighbors 

Reply 


a packet without content 

Update 


a unicast message to acknowledge requests 


-“- r --- -1 


Answer: 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


380 

































































Pass Leader 

Leader of IT Certifications 



QUESTION 988 

Which three service offer VLAN transparency for WAN Ethernet services? (Choose three) 

A. ERMS 

B. EPL 

C. ERS 

D. MPLS 

E. EMS 

F. EWS 

Answer: ABC 


QUESTION 989 

Which two values are required to implement an EIGRP named configurations? (Choose two) 

A. address-family 

B. process-id 

C. subnet-mask 

D. virtual-instance-name 

E. router-id 

Answer: AB 
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QUESTION 990 

What are the two EEM event subscribers? (Choose two) 

A. CLI 

B. script 

C. applet 

D. none 

E. syslog 

Answer: BC 


QUESTION 991 

How is a targeted LDP session different from a standard LDP session? 

A. Targeted LDP is used only for neighbors on different segments. 

B. Targeted LDP requires SDP to be enabled. 

C. Targeted LDP requires RSVP to be enabled. 

D. Targeted LDP uses unicast hello messages to peer with other devices. 

Answer: D 


QUESTION 992 

Which two options are valid IPV6 extension header typers? (Choose two) 

A. Flow Label 

B. Encapsulating security Payload 

C. Version 

D. Traffic Class 

E. Mobility 

Answer: BE 


QUESTION 993 

Your NetFlow collector is not working due to a large amount of traffic entering your network which 
is destined to a single IP address . 

Which NetFlow feature allows you to collect the top source hosts for this traffic on the local 
router? 

A. A NetFlow can export flows only to a extermal flow collector 

B. show ip cache flow 

C. ip accounting 

D. ip flow-top-talkers 

Answer: D 


QUESTION 994 

For which reason can two OSPF neighbor routers on the same LAN segment be stuck in 
the two-way state? 
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A. The two routers have different MTUs on the interface. 

B. The two routers are configured with different priorities. 

C. The interface priority is set to zero on both routers. 

D. Both routers have the same OSPF router ID. 

Answer: C 


QUESTION 995 

Refer to the exhibit,what is the administrative distance of prefix 10.1.1.0/24 on R2? 



A. 5 

B. 90 

C. 170 

D. 200 

Answer: D 


QUESTION 996 

Which two statements about IGPs are true? (Choose two) 

A. RIPv2 and OSPF are distance vector protocols. 

B. OSPF and EIGRP have high resource usage. 

C. IS-IS and EIGRP are link-state protocols. 

D. OSPF and IS-IS are classless protocols. 

E. RIPv2 and EIGRP support VLSM. 

F. RIPv2 and IS-IS calculate the metric of a link based on the bandwidth of a link. 

Answer: DE 


QUESTION 997 

Which information is contained in an OSPF Type 1 Router LSA? 

A. The Autonomous System Border Routers(ASBR) for the OSPF network and the cost of the path 
to reach each ASBR 

B. The router's interfaces(links) on which OSPF is enabled ,the state and outgoing cost of each 
link.and the OSPF neighbors on each link 

C. The network links to all known OSPF routers and and the cost of each path 

D. The Area Border Routers (ABR) for the area and the cost of the path to each ABR 

E. The OSPF neighboring routers and the cost of the outgoing link to reach each neighbor 

Answer: B 
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QUESTION 998 

Which command can you enter to configure a built-in policer with minimum guaranteed bandwidth 
without starving other classes during periods of congestion? 

A. bandwidth remaining percent 

B. bandwidth 

C. priority percent 

D. fair-queue 

Answer: C 


QUESTION 999 

Which three session tables does NAT64 maintain? 

A. 6rd 

B. TCP 

C. 484XLAT 

D. ICMP Query 

E. SIP 

F. UDP 

Answer: BDF 


QUESTION 1000 

Which two statements about Cisco Express Forwarding load balancing are true? 

A. Cisco Express Forwarding can load-balance over a maximum of two destinations 

B. It combines the source IP address subnet mask to create a hash for each destination 

C. Each hash maps directly to a single entry in the RIB 

D. Each hash maps directly to a single entry in the adjacency table 

E. It combines the source and destination IP addresses to create a hash fdor each destination 

Answer: DE 


QUESTION 1001 

Refer to the exhibit. How is voice traffic entering this router on interface GigabitEthernetO/O being 
handled by the? 
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m^errace GigabitEthemetO/0 
description *** Site Backbone *** 
ip address 10.X.114.5 255.255.255.248 
service-policy input; marking 

policy-map marking 
class in-voice 
class in-streaming 
set ip dscp af41 
class in-time-sensitive 
set: ip dscp af31 
class class-default 
set: ip dsco af21 


:_ass-map r 


cn—a 


lv m-streanmnc 


;s-group name streaming 
rr.a~mcrm access-group name tp-rooms 
class-map match-any in-voice 
natch access-group name voice 
class -map match-anv in-time-sensitive 
ma.t:orL access-groim name time-sensitiv= 



v 3 g 4 3-454 


A. Any traffic matching access-list voice is trusted and marking is not changed. 

B. All voice is being set to DSCP 0 

C. All voice is being set to AF21 

D. Any traffic matching access-list voice is set to EF 

Answer: A 


QUESTION 1002 

Which two statements about IPv4 and IPv6 packet fragmentation are true? (Choose two) 

A. An IPv4 host can drop any fragments larger than 576 bytes. 

B. An IPv6 host can drop any fragments larger than 1448 bytes. 

C. The fixed header of an IPv6 packet can be fragmented. 

D. The extension headers of an IPv4 packet can be fragmented. 

E. IPv6 fragmentation is performed on all devices in the forwarding path. 

F. IPv6 fragmentation is performed only on the source of the traffic. 

Answer: AF 


QUESTION 1003 

Which two statements about native VLANs are true? (Choose two) 
A. They require VTPv3. 
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B. They are used to forward tagged traffic only. 

C. They are configured under the trunk interface 

D. They are configured in VLAN database mode. 

E. They are used to forward both tagged and untagged traffic. 

F. They are used to forward untagged traffic only. 

Answer: CF 


QUESTION 1004 

Which feature can protect against broadcast DoS attacks? 

A. storm control 

B. DHCP snooping 

C. DAI 

D. IP Source Guard 

Answer: A 


QUESTION 1005 

In an MPLS VPN, which router attaches VPN labels to packets? 

A. PE 

B. CE 

C. P 

D. C 

Answer: A 


QUESTION 1006 

Refer to the exhibit, which option describes the meaning of this console message? 



A. An EIGRP hold timer has expired. 

B. FastEthernet0/0 has interface errors. 

C. An EIGRP process has been shut down. 

D. An interface has gone down. 

Answer: A 


QUESTION 1007 

What are two requirements for NSF operation in an MPLS L3 VPN? 

A. SSO must be active 

B. Graceful restart must be configured in BGP 

C. Stateful HA must be deployed 

D. ISSU must be active 
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E. The NSF must be configured for Layer 2 traffic 

F. Graceful restart must be configured in LDP 

Answer: AF 


QUESTION 1008 

What are two differences between IPv6 ISATAP tunneling and IPv6 6to4 tunneling? (Choose two) 

A. Only ISATAP tunneling transfers unicast IPv6 packets between sites. 

B. Only 6to4 tunneling requires 2002::/16 addresses. 

C. Only ISATAP tunneling can transfer IPv6 multicast packets. 

D. Only ISATAP tunneling transfers unicast IPv6 packets within a site. 

E. Only 6to4 tunneling transfers unicast IPv6 packets within a site. 

Answer: BD 


QUESTION 1009 

Which two statements about BGP PIC are true? (Choose two) 

A. PIC Core supports fast convergence with external neighbor links. 

B. It is prefix-dependent for Internet routes. 

C. When the path to a distant PE router changes, PIC is independent of the number of VRFs on the 
router. 

D. It achieves subsecond convergence in the BGP FIB. 

E. PIC Edge provides fast convergence when an external neighbor node fails. 

Answer: AD 


QUESTION 1010 

Drag and Drop Question 

Drag each OSPFv2 SA parameter on the left to its corresponding description on the right 
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Answer: 


QUESTION 1011 

Which encapsulation is used when deploying EIGRP OTP? 

A. GRE 

B. LISP 

C. PPP 

D. dotlq 

E. MPLS 

F. ISL 

Answer: B 


QUESTION 1012 

Refer to the exhibit, what are three effects of this configuration (choose three ) 



A. It sets the cache size large enough to process 1024 entries 

B. It sets the cache size large enough to process 1024 KB of entries 

C. It specifies version 8 export format 

D. It sets an active timeout of 2 seconds 
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E. It sets an inactive timeout of 10 minutes 

F. It sets an active timeout of 2 minutes 

Answer: ACF 


QUESTION 1013 

Refer to the exhibit. Prefix 192.1681.0/31 is currently two-way ECMP. 

Flow can you make Ethernet0/0 the preferred path? 

Rl#sho ip route 1S2.168.1.0 255.255.255.254 
Routing entry for 192.168.1.0/31 

Known via "ospf 1", distance 110, metric 20, type intra area 
Last update from 192.168.1.2 on Ethernet0/0, 00:06:03 ago 
Routing Descriptor Blocks: 

* 192.168.1.4, from 2.2.2.2, 00:31:07 ago, via Ethernetl/0 
Route metric is 20, traffic share count is 1 
192.168.1.2, from 1.1.1.1, 00:06:03 ago, via Ethernet0/0 
Route metric is 20, traffic share count is 1 


A. Increase the OSPF cost of Ethernetl/O so that the OSPF cost is higher on Ethernetl/O than on 
EthernetO/O. 

B. Increase the bandwidth of Ethernetl/O so that it has a higher bandwidth than EthernetO/O. 

C. Increase the OSPF cost of EthernetO/O so that the OSPF cost is higher on EthernetO/O than on 
EthernetO/O. 

D. Log in to the router that is connected to EthernetO/O and lower the OSPF cost on the interface 
that is connected to EthernetO/O. 

Answer: A 


QUESTION 1014 

Which three statements about automatic 6to4 tunneling are true?(choose three) 

A. It allows an IPV6 domain to be connected over an IPV4 network 

B. 6to4 tunnels are configured only in a point-point configuration 

C. It allows an IPV4 domain to be connected over an IPV6 network 

D. The IPV4 address embedded into the IPV6 address is used to find other of the tunnel 

E. The MAC address embedded into the IPV6 address is used to find the other end of the tunnel 

F. 6to4 tunnels are configured in a point-to-mulitipoint configuration 

Answer: ADF 


QUESTION 1015 

What are two differences between IPv6 ISATAP tunneling and IPv6 6to4 tunneling? (Choose two) 

A. Only ISATAP tunneling transfers unicast IPv6 packets between sites. 

B. Only 6to4 tunneling requires 2002::/16 addresses. 

C. Only ISATAP tunneling can transfer IPv6 multicast packets. 
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D. Only ISATAP tunneling transfers unicast IPv6 packets within a site. 

E. Only 6to4 tunneling transfers unicast IPv6 packets within a site. 

Answer: BD 


QUESTION 1016 

Which command would enable the highest level of logging to the router's memory? 

A. Logging buffered 15 

B. Logging local 15 

C. Logging facility 15 

D. Logging buffered 7 

E. Logging facility 7 

F. Logging local 7 

Answer: D 

QUESTION 1017 

Which option describes how the IP address is assigned when you configure a Layer 3 
EtherChannel interface? 

A. You must assign the IP address to the tunnel interface. 

B. The last IP address added to the EtherChannel is used automatically. 

C. You must assign the IP address to a port channel logical interface. 

D. The first IP address added to the EtherChannel is used automatically. 

Answer: C 


QUESTION 1018 

Which two statements about IPv4 and IPv6 packet fragmentation are true? (Choose 
two) 

A. An IPv4 host can drop any fragments larger than 576 bytes. 

B. An IPv6 host can drop any fragments larger than 1440 bytes. 

C. The fixed header of an IPv6 packet can be fragmented. 

D. The extension headers of an IPv4 packet can be fragmented. 

E. IPv6 fragmentation is performed on all devices in the forwarding path. 

F. IPv6 fragmentation is performed only on the source of the traffic. 

Answer: AF 


QUESTION 1019 

What are two functions of an NSSA in an OSPF network design ?(Choose two) 

A. It overcomes issues with suboptimal routing when there are multiple exit points from the areas 

B. It uses opaque LSAs 

C. It allows ASBRs to inject external routing information into the area 

D. An ASBR advertises type 7 LSAs into the area 
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E. An ABR advertises type 7 LSAs into the area 

Answer: CD 


QUESTION 1020 

How does MSTP maintain compatibility with RSTP? 

A. The system ID of an RSTP BPDU is padded with extra bytes to match the format of an MSTP 
BPDU. 

B. RSTP encodes region information from an MSTP BPDU into a single instance. 

C. MSTP sends all spanning-tree information in one BPDU. 

D. RSTP implements a TTL that is compatible with the MSTP max age timer. 

E. MSTP supports five port states in the same way as RSTP. 

Answer: A 


QUESTION 1021 

Which two statements about IPsec VTIs are true? (Choose two) 

A. Dynamic VTIs allow you to mix proxy types. 

B. The dynamic VTI is a multipoint interface that can support multiple IPsec SAs. 

C. The IKE SA can be bound to both the VTI and the crypto map in the router. 

D. Static VTIs can use the "IP any any" traffic selector only. 

E. The IPsec transform set must be configured in transport mode. 

F. Static VTIs can encapsulate both IPv4 and IPv6 packets, but IPv4 can carry IPv4 packets and 
IPv6 can carry IPv6 packets. 

Answer: CD 


QUESTION 1022 

What are the two BFD modes? (Choose two) 

A. active 

B. asynchronous 

C. passive 

D. established 

E. demand 

F. synchronous 

Answer: BE 


QUESTION 1023 

Refer to the exhibit. Which option describes the purpose of the as-set argument of the aggregate- 
address command? 
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renter bgp 64 496 

so aynchronieation 

bgp log-neighbor—changes 

aggregate-address 10.0.0.0 255.0.0.0 as-sec summary-only 
neighbor 192.163.1.2 remoce-as 64497 
neighbor 192.163.2.2 remoce-as 64493 
neighbor 192.160.3.2 remoce-as 64499 
no auco-summary 


A. it provides an AS path in the aggregate advertisement that contains only the local AS number. 

B. It provides a predefined AS path in the aggregate advertisement that is used to indicate an 
aggregate prefix. 

C. It provides an AS path in the aggregate advertisement that includes the AS numbers of the 
component members. 

D. It provides a list of AS numbers top which the aggregate is advertised. 

Answer: D 


QUESTION 1024 

Which two statements about apportioned dual-tier WAN rate-based Ethernet circuits are true? 

(Choose two) 

A. The service provider deploys an advanced CPE device to the subscriber, which provides 
enhanced Layer 3 QoS functionality. 

B. It requires the subscriber to implement egress QoS. 

C. It requires the subscriber to implement ingress QoS. 

D. The service provider deploys a simple CPE device to the subscriber, which providers fast circuit 
access. 

E. The service provider supports classification and queuing, while the subscriber marks and re¬ 
marks packets on ingress. 

F. It requires ingress re-marking. 

Answer: CE 


QUESTION 1025 

Which three pieces of information are carried on OSPF type 3 LSAs? (Choose three) 

A. metric 

B. authentication type 

C. link state 

D. IP subnet 

E. external route tag 

F. subnet mask 

Answer: ACF 


QUESTION 1026 

Which protocol do PE routers that run 6VPE use to exchange routing information? 
A. 0SPFV3 
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B. OSPF 

C. IS IS 

D. MP-BGP 

Answer: D 


QUESTION 1027 

You have been asked to connect a remote network with different DSCP mappings to the primary 
network of your organization. How can you configure the network devices so that the two 
networks work together seamlessly? 

A. Configure the mis qos trust command on the trunk ports that interconnect two networks 

B. Configure VLAN-based Qos on all switchs on both networks 

C. Configure an aggregate policer on the ingres interfaces of the trunk ports that interconnect the 
two networks 

D. Configure a mutation map on the devices on the primary network that connect to the network 

Answer: A 


QUESTION 1028 

Which statements about PMTUD is true? 

A. It is supported by TCP and UDP. 

B. It increases the connection's send MSS value to prevent fragmentation. 

C. GRE tunnels use PMTUD to fragment data packets by default. 

D. It is used to prevent fragmentation of packets at the endpoint of a TCP connection. 

E. It is used to prevent fragmentation of packets traveling across a smaller MTU link between 

Answer: A 


QUESTION 1029 

When EIGRP Auto-Summary is enabled, what does Auto Summarization do in EIGRP? 

A. Summarize networks from the same network boundaries 

B. Summarizes networks form different network boundaries crossing the same major boundary 

C. Summarizes all network boundaries 

D. Summarizes networks from different network boundaries Crossing different major boundary 

Answer: D 


QUESTION 1030 

Which two statements about the Cisco Express Forwarding glean adjacency type are true? 
(Choose two) 

A. Packets destined for the interface are discarded and the prefix is checked. 

B. The router FIB table maintains a prefix for the subnet instead of individual hosts. 

C. The adjacency database is used to [gather specific prefixes when packets are destined to a 
specific host. 

D. Packets destined for the interface can be dropped, which provide a form of access filtering. 
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E. Packets destined for the interface are discarded and the prefix check is skipped. 

Answer: BC 


QUESTION 1031 

Which two statements about the DUID in DHCPv6 are true? (Choose two) 

A. It identifies clients to apply configuration parameters. 

B. It determines the appropriate identifier for the DHCPv6 relay agent. 

C. DUIDs are interpreted by DHCPv6 clients. 

D. DUID is carried as a DHCPv6 option. 

E. DUID is required in all DHCPv6 messages. 

F. DUDI are interpreted by DHCPv6 Servers 

Answer: CD 


QUESTION 1032 

Which two statements about BGP confederation architecture are true? 

A. The intraconfederation EBGP default TTL value between sub-ASes is 1 

B. The AS_SET and AS_SEQ components help prevent loops inside a sub-AS 

C. The ASN of a confederation is excluded from the AS_PATH path length calculation 

D. The intraconfederation EBGP default TTL value between sub-ASes is 255 

E. IBGP sessions inside a sub-AS have a default TTL of 1 

Answer: AC 


QUESTION 1033 

Refer to the exhibit. R1 has an OSPF path to R2 and R3 for 10.1.0.0/24, but R1 has a routing 
entry for 10.1.0.0/24 from only one router at a time. Which option is the most likely cause? 
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A. The R1 maximum-path is set to 1. 

B. R2 has a higher administrative distance. 

C. R2 is using a filter list. 

D. R2 is using an offset-list. 

Answer: A 


QUESTION 1034 

Which function dos PHP perform? 

A. popping the two bottommost labels one hop before the egress LSR 

B. popping the top label one hop before the egress LSR 

C. popping the top label at the egress LSR 

D. popping the two topmost labels one hop before the egress LSR 

E. popping the bottom label one hop before the egress LSR 

F. popping the bottom label at the egress LSR 

Answer: B 


QUESTION 1035 

Which three criteria are used for stackwise election of a master switch? 
A. VLAN revision number 
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B. longest uptime 

C. highest MAC address 

D. user-selected priority 

E. IOS version number 

F. lowest MAC address 

Answer: BDF 


QUESTION 1036 

Which option describes how the IP address is assigned when you configure a Layer 3 
EtherChannel interface? 

A. You must assign the IP address to the tunnel interface. 

B. The last IP address added to the EtherChannel is used automatically. 

C. You must assign the IP address to a port channel logical interface. 

D. The first IP address added to the EtherChannel is used automatically. 

Answer: C 


QUESTION 1037 

Refer to the exhibit. Which BGP metric is preserved when router R2 sends routes to 
confederation router R3? 


AS 123 

R1 


AS 100 

Confederation 1000 

i 

AS 101 

Confederation 1001 



f i ® 


ism ispis 

R2 

router bgp 100 

bgp confederation identifier 1000 
b<jp confederation peers 1001 

neighbor R3 remote-as 101 ' confederation peer 

neighbor R1 renote-as 123 • noudl eBGP peer 


A. AS_PATH 

B. local preference 

C. origin 

D. AS4 PATH 

Answer: B 


QUESTION 1038 

Which options is the implicit access rule for IPv6 ACLs? 

A. permit all 

B. permit neighbor discovery, deny everything else 

C. deny all 
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D. permit all ICMP, deny everything else 

Answer: B 


QUESTION 1039 

Refer to the exhibit. According to the given show line output, which type of line is connected to 
the router? 



A. Telnet 

B. terminal 

C. console 

D. SSH 

E. auxiliary 

Answer: C 


QUESTION 1040 

What are two of the commands that you can enter to gracefully shut down OSPF and notify 
neighbors? (Choose two) 

A. router(config-if)# ip ospf graceful shutdown 

B. router(config-if)# ip ospf shutdown 

C. router(config-router)# shutdown 

D. router(config-router)# graceful shutdown 

E. router(config)# ip notify 

Answer: BC 


QUESTION 1041 

Which statemtnt about dynamic GRE between a headend router and a remote router istrue? 

A. The headend router learns the IP address of the remote end router statically 

B. A GRE tunnel withoutan IP address has a status of administratively down 

C. GRE tunnels can be established when the remote router has a dynamic IP address 

D. The remote router initiates the tunnel connection 

Answer: D 


QUESTION 1042 

Which command can you use to redistribute IBGP routes into the IGP? 
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A. no synchronization 

B. redistribute protocol process-number 

C. bgp redistribute-internal 

D. synchronization 

Answer: B 


QUESTION 1043 

which feature can be used to allow hosts with routes in the global routing table to access hosts in 
a VRF ? 

A. address familes 

B. extended communities 

C. route target communities 

D. route leaking 

Answer: D 


QUESTION 1044 

Which two statements about IPv6 automatic 6to4 tunnels are true? (Choose two) 

A. The router at each end of the tunnel must support both IPv4 and IPv6. 

B. They support both point-to-point and point-to-multipoint operations. 

C. The IPv6 routers that establish automatic 6to4 tunnels are configured in pairs. 

D. The IPv4 infrastructure operates as a virtual broadcast mutliaccess link. 

E. They support point-to-multipoint operations only. 

Answer: AE 


QUESTION 1045 

Refer to the exhibit. Which two options are two benefits of this configuration? (Choose two) 



interface loopbackO 

ip address 19?.1£S.1.1 2SS.ZSS.2SS.2S5 

router b'jp £4512 

neighbor 192.J.£8.2«2 ceaote-as r4511 
neighbor 192. 1 £9. 2. 2 ebgp-sul tlhop 
neighbor 192.1£8.2.2 update-source loopbeckO 
network 192.1£8.lOO.0 

lp route 192. 1£8.2. 2 2S5.255. 255. 255 senalO/O 
ip route 192.1£8.2.2 255.255.255.255 serxalO/1 


interface loopbaekO 

ip address 1S2.1£8.2.2 


155.255.255.255 


router bgp £4513 

neighbor 192.l£8.1.i remote-as £4512 
neighbor 192.1£B.l.i ebgp-sultihop 
neighbor 192.1£Q.1.1 update-source loopbacl 
network 192.1£B.101.O 

lp route 192.1£R.1.1 255.255.255.255 serialO/l 
ip route 192.1£B.1.1 255.255.255.255 seraalO/. 


A. increased security 

B. redundancy 

C. reduced jitter 
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D. reduced latency 

E. load sharing 

Answer: BE 


QUESTION 1046 

Which two statements about extended ping data patterns are true ? 

A. They can determine whether the wavelength received in the transceiver is correct. 

B. They can test for routing protocol issues. 

C. They can test the link for line code mismatches. 

D. They can test the internal repeater for power issues. 

E. They can test for STS/SDH errors. 

F. They can be used with MPLS to ping an LSP end to end. 

Answer: CD 


QUESTION 1047 

Which three statements about Netflow are true? (Choose three) 

A. It can calculate the available bandwidth to support RSVP 

B. It can reduce Mean Time To Repair metrics for network issues 

C. It support usage accouting for network resources 

D. It can analyze source-to-destination traffic trends to support traffic engineering 

E. It prevents DDoS attacks against network elements 

F. It enables the network engineer to plan for increased bandwidth capacity and grov/th of the 
network 

Answer: CDF 


QUESTION 1048 

What are two reasons for an OSPF neighbor relationship to be stuck in exstart/exchange state? 
(Choose two.) 

A. There is an area ID mismatch 

B. There is an MTU mismatch 

C. Both routers have the same router ID. 

D. There is an authentication mismatch 

E. Both routers have the same OSPF process ID 

Answer: BC 


QUESTION 1049 

Which two statements about out-of-order packet transmission are true? (Choose two.) 

A. It can occur when packets are duplicated and resent 

B. It occurs only over TCP connections 

C. It can occur when packets are dropped and resent 
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D. It can occur when packets take the same path to arrive at the same destination 

E. It can occur when packets use different paths to arrive at the same destination. 

Answer: BE 


QUESTION 1050 

An IPv6 network has different MTUs on different segments, if the network is experiencing 
reliability issues, which option is the most likely reason? 

A. ICMPv6 is filtered. 

B. The Do Not Fragment bit is marked. 

C. HSRPv6 is configured incorrectly. 

D. The MTU size is greater than 1470 bytes. 

Answer: B 


QUESTION 1051 

Refer to the exhibit. You have configured a router as shown for a new 100 Mbps metro-Ethernet 
link, but you discover that a significant number of output drops is occurring. 

Which option is the most likely cause of the problem? 


class-map match-any COS2 
march cos 2 


HSj. 

” fill 


„ !i ! 

policy-map COS2_classification 
class COS2 

i ' n W h 1 ?'ImiSi *' r 



lit m 


nmmiui nr . , ,, „ ,, | _ II _ T | .. m ini m im r imt nr insi -i. W|MP?< irr •••• *. 

police lOOOOOOO conform-action set-dacp-tranamit af31 exceed-action aet-dsqp-tranamit a£32 

policy-map CE_outbound 
class COS2 

bandwidth remaining percent 20 
serrvice-policy C0S2_classification 


A. All traffic is sent as AF31 because the router is using the CE_outbound policy map. 

B. COS2 traffic is being discarded by the service provider. 

C. WRED is misconfigured. 

D. All traffic is sent as AF31 because the amount of policed bandwidth is too high. 

Answer: D 


QUESTION 1052 

Refer to the exhibit. If R1 uses EIGRP to learn route 192.168.10.0/24 from R2, which interface on 
R1 uses split horizon for route 192.168.10.0/24? 
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A. SeO/O 

B. FaO/O 

C. Sel/0 

D. FaO/1 

Answer: B 


QUESTION 1053 

What are two mechanisms that directed ARP uses to help resolve IP addresses to hardware 

addresses? (Choose two) 

A. It removes address-resolution restrictions, allowing dynamic protocols to advertise rou information 
for the device loopback address. 

B. It uses ICMP redirects to advertise next-hop addresses to foreign hosts. 

C. It uses series of ICMP echo messages to relay next-hop addresses 

D. It removes address-resolution restrictions, allowing dynamic protocols to advertise routing 
information for the next-hop address. 

E. It uses a proxy mechanism to allow a device to respond to ARP requests for the addresses of 
other devices. 

Answer: CD 


QUESTION 1054 

Which two statements about TCP MSS are true? (Choose two.) 

A. The two endpoints in a TCP connection report their MSS values to one another. 

B. It operates at Layer 3. 

C. MSS values are sent in TCP SYN packets 

D. It sets the maximum amount of data that a host sends in an individual datagram 

E. It sets the minimum amount of data that a host accepts in an individual datagram 

Answer: CD 


QUESTION 1055 

Which three configuration settings must match for switches to be in the same MST region? 
(Choose three) 
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A. password 

B. domain name 

C. VLAN names 

D. revision number 

E. VLAN-to-instance assignment 

F. region name 

Answer: DEF 


QUESTION 1056 

What are three valid HSRP states? (Choose three) 

A. listen 

B. learning 

C. full 

D. established 

E. speak 

F. IN IT 

Answer: AEF 


QUESTION 1057 

Drag and Drop Question 


Drag and drop each IS-IS component on the left to its function on the right 


CLNP 


acknowledges link-state packets 





CSNP 


carries data inside link-state packets 




. 

OH 


establishes neighbor adjacencies with other IS-B devices | 

1 

NSAP 


provides a connectionless circuit for 051 networks 

^ — 

PSNP 


synchronizes the link-state database 

C _ 

TLV 


the address that identifies an access point 


Answer: 
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Drag and drop each IS-IS component on the left to its function on the right 

PSNP j J 

l - HZ]] 






NSAP 


CLNP 



QUESTION 1058 

Refer to the exhibit, Router A must reach router X. 

Which option describes how router A decides which interface to use to forward packets ? 

A. Router A relies on FIB to select the desired interface 

B. Router A does per-packet load-balance across the two interfaces 

C. Router A does per-flow load-balance across the two interfaces 

D. Router A relies on RIB select the desired interface 

Answer: D 


QUESTION 1059 

Which action must you take to configure encryption for a dynamic VPN? 

A. Configure an FQDN peer in ftie crypto pgfile. 

B. Configure an FQDN identity in the crypto keyring 

C. Configure an FQDN in the crypto keyring 

D. Configure an FQDN on the router. 

Answer: A 


QUESTION 1060 

Which feature can segregate routing tables on a single device? 

A. BGP 

B. VRF-lite 

C. OSPFv3 

D. MPLS 
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Answer: B 


QUESTION 1061 

Which PIM mode can forward traffic by using only (*. G) routing table entries? 

A. dense mode 

B. sparse-dense mode 

C. sparse mode 

D. bidrirectional mode 

Answer: C 


QUESTION 1062 

You are configuring CoS-to-DSCP mappings with three requirements: 

- AF13 must be marked with COS 1. 

- AF22 must be marked with COS 2. 

- EF must be marked with COS5. 

Which configuration command can you use to implement the requirements? 

A. mis qos map cos-dscp 0 14 20 24 32 46 48 56 

B. mis qos map cos-dscp 0 10 18 24 32 46 48 56 

C. mis qos map cos-dscp 0 12 18 24 32 40 46 56 

D. mis qos map cos-dscp 0 12 18 24 32 46 48 56 

Answer: A 


QUESTION 1063 

Which three statements about voice VLANs are true? (Choose tliree ) 

A. Incoming OoS values are trusted only for untagged traffic 

B. When voice VLAMs are enabled. RortFast is configured automatically 

C. When voice VLAMS are configured, all untagged traffic is set to CoS 5 

D. IP Phones ovverride the CoS on all incoming tagged and untsgged traffic 

E. Their default CoS value is 0 

F. They are disabled by default 

Answer: ADF 


QUESTION 1064 

Which CoPP feature can you configure after applying the control-plane command? 

A. line card interfaces 

B. address filters 

C. aggregates 

D. drop policies 

Answer: C 
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QUESTION 1065 

Refer to the exhibit. Which routes are advertised by the router? 



A. No routes 

B. BGP routes from AS 85006 and BGP routes sourced on this router 

C. All routes 

D. BGP routes sourced on this router 

Answer: C 


QUESTION 1066 

From which component does an IS-IS router construct its link-state database? 

A. SPTs 

B. LSPs 

C. hello packets 

D. LSAs 

Answer: B 


QUESTION 1067 

What are two mechanisms that directed ARP uses to help resolve IP addresses to hardware 

addresses? (Choose two) 

A. It removes address-resolution restrictions, allowing dynamic protocols to advertise routing 
information for the next-hop address. 

B. It uses a proxy mechanism to allow a device to respond to ARP requests for the addresses of 
other devices. 

C. It removes address-resolution restrictions, allowing dynamic protocols to advertise routing 
information for the loopback address. 

D. It uses a series of ICMP echo messages to reply next hop addresses. 

E. It uses ICMP redirects to advertise next-hop addresses to foreign hosts. 

Answer: AD 


QUESTION 1068 

Refer to the exhibit. An Ipv6 tunnel is configured between site A and site B. Which feature does 
the tunnel support? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


405 
















Pass Leader’ 

Leader of IT Certifications 



A. single policy 

B. transport mode 

C. site-to-site tunnel mode 

D. OSPFv2 

Answer: C 


QUESTION 1069 

Which two statements about IGMP filter that are operating in access mode are ture? (Choose 
two) 

A. They can be applied on the access port only 

B. A filter that is applied on the SVI must use the same settings as a filter that is applied to the trunk 
port 

C. They can be applied on both the SVI and the access port 

D. The SVI filter is always checked first 

Answer: AB 


QUESTION 1070 

A network engineer is extending a LAN segment between two geographically separated data 
centers. Which enhancement to a spanning-tree design prevents unnecessary traffic from 
crossing the extended LAN segment? 

A. Modify the spanning-tree priorities to dictate the traffic flow. 

B. Create a Layer 3 transit VLAN to segment the traffic between the sites. 

C. Use VTP pruning on the trunk interfaces. 

D. Configure manual trunk pruning between the two locations. 

Answer: C 


QUESTION 1071 

The OSPF database of a router shows LSA types 1,2, 3 and 7 only. Which type of area is this 
router connected to? 

A. backbone area 

B. totally stubby area 

C. stub area 

D. not-so-stubby area 

Answer: D 


QUESTION 1072 
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Which feature can you implement to most effectively protect customer traffic in a rate-limited 
WAN Ethernet service? 

A. HCBWFQ 

B. IntServ with RSVP 

C. DiffServ 

D. The IPsec VTI qos pre-classify command 

E. Q-in-Q 

Answer: A 


QUESTION 1073 

An engineer has configured a router to use EU1-64, and was asked to document the IPv6 address 
of the router. The router has the following interface parameters: 

mac address C601.420F.0007 
subnet 2001:DB8:0:1::/64 

A. 2001 :DB8:0:1 :C601:42FF:FE0F:7 

B. 2001 :DB8:0:1 :FFFF:C601:420F:7 

C. 2001 :DB8:0:1 :FE80:C601:420F:7 

D. 2001 :DB8:0:1 :C601:42FE:800F:7 

Answer: A 


QUESTION 1074 

Which command configures port security on a switch to enable permanent MAC address learning 
on the interface? 

A. switchport port-security mac-address-learning enable 

B. switchport port-security mac-address timer 0 

C. switchport port-security mac-address sticky 

D. switchport port-security mac-address maximum 1 sticky 

E. switchport port-security mac-address permanent 

Answer: C 


QUESTION 1075 

Refer to the exhibit. Which option is the most likely explanation of the duplicate address message 
logged? 
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A. HSRP misconfiguration 

B. a PC with IP of 10.10.1.1 

C. spanning-tree-loop 

D. a hardware problem 

Answer: A 


QUESTION 1076 

Which three components are in an MPLS header? (choose three) 

A. a 4-bit experimental use field 

B. a 4-bit label stack entry 

C. an 8-bit TTL 

D. a 2-bottom of stack 

E. a 3-bit experimental use field 

F. a 20-bit label 

Answer: CEF 


QUESTION 1077 

What is the main function of VRF-lite? 

A. To allow devices to use labels to make Layer 2 Path decisions 

B. To segregate multiple routing tables on a single device 

C. To connect different autonomous systems together to share routes 

D. To route IPv6 traffic across an IPv4 backbone 

Answer: B 


QUESTION 1078 

Refer to the exhibit. Which prefixes will have their distance changed? 
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A. all prefixes matching access-list 10 learned from peers in the range 10.1.12.0-10.1.12.255 

B. all internal prefixes in the range 10.1.12.0-10.1.12.255 learned from peers matching access-list 
10 . 

C. all internal prefixes matching access-list 10 learned from peers in the range 10.1.12.0- 
10.1.12.255 

D. all prefixes in the range 10.1.12.0-10.1.12.255 learned from peers matching access-list 

Answer: C 


QUESTION 1079 

Which two methods do IPsec VTIs used to identify and transmit encrypted traffic through the 
tunnel? (choose two) 

A. static routing 

B. dynamic routing 

C. object groups 

D. ACLs 

E. NAT 

Answer: AB 


QUESTION 1080 

When you deploy DMVPN, what is the purpose of the command crypto isakmp key ciscotest 
address 0.0.0.0 0.0.0.0 ? 

A. It is configured on hub and spoke router to establish peering 

B. It is configured on hub to set the pre-shared key for the spoke routers 

C. It is configured on the spokes to indicate the hub router 

D. It is configured on the Internet PE routers to allow traffic to traverse the ISP core 

Answer: B 


QUESTION 1081 

Refer to the exhibit. Which statement about the configuration is true? 
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A. This configuration is incorrect because the dialer interface number must be the same as the dialer 
pool number. 

B. This configuration is missing an IP address on the dialer interface. 

C. This configuration is incorrect because the MTU must match the ppp-max-payload that is defined. 

D. This configuration represents a complete PPPoE client configuration on an Ethernet connection. 

Answer: D 


QUESTION 1082 

A company has just opened two remote branch offices that need to be connected to the corporate 
network. Which interface configuration output can be applied to the corporate router to allow 
communication to the remote sites? 

A. interface TunnelO 
bandwidth 1536 

ip address 209.165.200.230 255.255.255.224 
tunnel source Serial0/0 
tunnel mode gre multipoint 

B. interface fa0/0 
bandwidth 1536 

ip address 209.165.200.230 255.255.255.224 
tunnel mode gre multipoint 

C. interface TunnelO 
bandwidth 1536 

ip address 209.165.200.231 255.255.255.224 
tunnel source 209.165.201.1 
tunnel-mode dynamic 

D. interface fa 0/0 
bandwidth 1536 

ip address 209.165.200.231 255.255.255.224 
tunnel source 192.168.161.2 
tunnel destination 209.165.201.1 
tunnel-mode dynamic 

Answer: A 


QUESTION 1083 

Refer to the exhibit. OSPF is configured on R1 and R2 as shown. 

Which action can you take to allow a neighbor relationship to be established. 
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Rifshow ip ospf interface FastEthemetO/0.12 
FastEthernetO/Q. 12 is up, line protocol is up 
Internet Address 10.1.12.1/24, Area 0 
Process ID 2, Router ID 10.1.1.1, Hetwonk Type 
NONBROADCAST, Cost: 10 
Transmit Delay is 1 sec. State DR, Priority 1 
Designated Router (ID) 10.1.1.1, Interface address 10.1.12.1 
No backup designated router on this network 
Timer intervals configured, Hello 30, Dead 120, Wait 120, 
Retransmit 5 
oob-resync timeout 120 
Hello due in 00:00:19 
Supports Link-local Signaling ILLS) 

Cisco NSF helper support enabled 
IETF NSF helper support enabled 
Index 2/2, flood queue length 0 
Next 0x0(0)/0x0{0) 

Last flood scan length is 1, «xi«u» x» 

Last flood scan time is 0 .sec, .axi.ua is p .sec 
Neighbor Count is 0, Adjacent neighbor count 

Suppress hello for 0 neighbors) p.:* 

Rl# 


R2|show ip ospf interface FastEthemet0/0.12 
FastEthernetO/0.12 is up, line protocol is up 
Internet Address 10.1.12.2/24, Area 0 
Process ID 1, Router ID 10.2.2.2, Network Type 
BROADCAST, Cost: 10 

Transmit Delay is 1 sec. State DR, Priority 1 
Designated Router (ID) 10.2.2.2, Interface address 10.1.12 
No backup designated router on this network 
Timer intervals configured, Hello 10, Dead 40, Wait 40, 
Retransmit 5 
oob-resync timeout 40 
Hello due in 00:00:02 
Supports Link-local Signaling ILLS) 

Cisco NSF helper support enabled 
IETF NSF helper support enabled 
Index 2/2, flood queue length 0 
Next 0x0(0)/0x0(0) 

Last flood scan length is 1, maximum is - 
Last flood scan ti« is 0 mcc, .axi*» is 0 U'C 
Neighbor Count is 0, Adjacent neighbor count is 0 
Suppress hello for 0 neigiborisl 


A. Configure Rl and R2 as neighbors using interface addresses. 

B. On Rl, set the network type of the FastEthernetO/0.12 interface to broadcast 

C. On Rl, change the process ID to 1 

D. Configure Rl and R2 as neighbors using router IDs. 

Answer: B 


QUESTION 1084 

Refer to Exhibit. How is voice traffic entering this router on interface GigabitEthernetOO being 
handled by the shown making policy? 
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A. Any traffic matching access-list vice is trusted and marking is not changed. 

B. All voice is being set to DSCP 0. 

C. All voice is being set to AF21. 

D. Any traffic matching access-list voice is set to EF. 

Answer: C 


QUESTION 1085 

If EIGRP and OSPF are configured within an administrative domain for the same network, which 
value can you change so that the OSPF becomes the installed routing protocol for all routes? 

A. Local preference 

B. Metric 

C. MED 

D. Administrative distance 

E. Prefix length 

Answer: E 


QUESTION 1086 

Which two statements about VTPv3 are true? (Choose two) 

A. Extended VLANs prevent VTPv3 switches from becoming VTPv2 

B. VTPv3 must receive VTPv2 packets before it can send VTPv2 packets 
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C. VTPv3 accepts configuration information only from VTPv2 devices 

D. VTPv3 sends VTPv2 packets when they are detected on a trunk port 

E. VTPv3 regions can communicate in server mode only over a VTPv2 region 

Answer: AB 


QUESTION 1087 

Refer to the exhibit, which statement is true? 


Router#sh ip ospf 1 

Routing Process "ospf 1" with ID 1.0.0.102 

Start time: 00:00:09.225, Time elapsed: 00:02:54.839 

Supports only single TOS(TOSO) routes 

Supports opaque LSA 

Supports Link-local Signaling (LLS) 

Supports area transit capability 
Supports NSSA (compatible with RFC 3101) 

Event-log enabled. Maximum number of events: 1000, Mode: cyclic 
It is an area border and autonomous system boundary router 
Redistributing External Routes from, 

connected, includes subnets in redistribution 
Router is not originating router-LSAs with maximum metric 
Initial SPF schedule delay 100 msecs 

Minimum hold time between two consecutive SPFs 200 msecs 

Maximum wart time between two consecutive SPF3 10000 msecs 

Incremental-SPF disabled 

Initial LSA throttle delay 50 msecs 

Minimum hold time for LSA throttle 100 msecs 

Maximum wait time for LSA throttle 5000 msecs 

Minimum LSA arrival 80 msecs 

LSA group pacing timer 240 secs 

Interface flood pacing timer 33 msecs 

Retransmission pacing timer 66 msecs 

Number of external LSA 0. Checksum Sura 0x000000 

Number of opaque AS LSA 0. Checksum Sum 0x000000 

Number of DCbitless external and opaque AS LSA 0 

Number of DoNotAge external and opaque AS LSA 0 

Number of areas in this router is 2. 2 normal 0 stub 0 nssa 

Number of areas transit capable is 0 

External flood list length 0 

-srr ucr auccort enab_ed 



A. BFD, SPF and LSA timers are tuned for faster convergence 

B. Fast convergence is not configured 

C. BFD and SPF throttling are configured 

D. Only BFD is enabled 

Answer: A 
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QUESTION 1088 

Drag and Drop Question 

Drag and Drop Cisco PFR adjacency types. 


punt adjacency 


Packets are discarded. 



drop adjacency 


Features that require special handling or features that are not 
yet supported in conjunction with Cisco Express Forwarding 
switching paths are forwarded to the next switching layer for 
handling. Features that are not supported are forwarded to the 
next higher switching level. 



null adjacency 


When a router is connected directly to several hosts, the FIB table 
on the router maintains a prefix for the subnet rather than for the 
individual host prefixes. The subnet prefix points to a glean 
adjacency. When packets need to be forwarded to a specific host, 
the adjacency database is gleaned for the specific prefix. 



discard adjacency 


Packets are dropped, but the prefix is checked. 



glean adjacency 


Packets destined for a NulK) interface are dropped. This can 
be used as an effective form of access filtering. 


Answer: 
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QUESTION 1089 

Which two statements about IGMP filters that are operating in access mode are true? (Choose 
Two) 

A. They can be applied on the access port only. 

B. A filter that is applied on the SVI must use the same settings as a filter that is applied to the trunk 
port. 

C. The port filter is always checked first. 

D. They can be applied on both the SVI and the access port. 

Answer: AB 


QUESTION 1090 

Which technology can MSDP SA filters use to filter traffic? 

A. route maps 

B. community lists 

C. prefix lists 

D. class maps 

Answer: A 


QUESTION 1091 

Which two statements about TCP are true? (Choose two.) 
A. TCP option must be divisible by 32. 
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B. It has a 16-bit window size. 

C. Its maximum data offset is fifteen 32-bit words. 

D. It has a 32-bit window size. 

E. Its maximum data offset is ten 32-bit words. 

F. It has a 32-bit checksum field. 

Answer: BC 


QUESTION 1092 

Refer to the exhibit. Switch DSW1 should share the same MST region with switch DSW2. 
Which statement is true? 


vtp status 

VTP Vo3rs=io5\ r 

Ccmf £»g"uiv3L.t- i. cj n. Stsvision : 

VXANs- sujppox-fccbd locv^lly ; 
Ntandbes* csxist ins YI&Hs ; 

VTP Cjssrating iSod© : 

VTP Pm:Ain Hataes* r 

VTP Fsruningr Kcxie ; 

VTP V2 Jfoda : 

VTP Generation ; 

HDS «3igiest 

Oo^T,€ icpAJirv*.tion last noditica by IQ 


3-vLnrtiiTig- VTP 3. ^VTTPS erasable?) 

10QS 

7 

Clieiit- 

DAT.T.&S 

Dis»sti>lLes£i 

Disabled 

OsFl OxAC QkSE OssCF' 0siF7 QyxKET Qk9E GssDS 
.10i.i0i.il at 3-1-93 23:57.30 


vtp status: 

VTP Version 

Can£iguj^.tion Revision 
Ha*ii.5aAia VLAKs t;ed lccally 

rtf #3>-v -5 ^ OTAU*. 


running VTPl CVTF2 capable) 
3 

1005 


A. Configure DSW1 with the same version number, and VLAN-to-instance mapping as shown on 
DSW2. 

B. Configure DSW1 with the same region name, number, and VLAN-to-instance mapping as shown 
on DSW2. 

C. DSW2 uses the VTP server mode to automatically propagate the MST configuration to DSW1. 

D. DSW1 is in VTP client mode with a lower configuration revision number, therefore, it automatically 
inherits MST configuration from DSW2. 

E. DSW1 automatically inherits MST configuration from DSW2 because they have the same domain 
name. 


Answer: B 


QUESTION 1093 

Which three benefits does the Cisco Easy Virtual Network provide to an enterprise network? 
(Choose three.) 

A. simplified Layer 3 network virtualization 

B. improved shared services support 

C. enhanced management, troubleshooting, and usability 

D. reduced configuration and deployment time for dotlq trunking 

E. increased network performance and throughput 

F. decreased BGP neighbor configurations 

Answer: ABC 


QUESTION 1094 
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Refer to the exhibit. R1, R2, and R3 in different satellite offices of the same organization, which 
sources multicast video streams from R1. R3 frequently receives video streams intended for R2. 
These streams saturate the available bandwidth of R3. 

Which configuration change can alleviate the congestion on R3? 



A. Enable IGMP snooping on all switches that connect to R1 ,R2 and R3 

B. Place a PIM filter on the switch and interface that connect to R1 only 

C. Configure IGMP snooping on R1, R2 and R3 

D. Place a PIM filter on the switches and interfaces that connect to R1, R2 and R3 

E. Configure R3 to send an immediate-leave message when necessary to stop receiving unwanted 
traffic 

F. Enable PIM snooping on all switches that connect to R1, R2 and R3 

Answer: A 


QUESTION 1095 

Which two statements about UDP and latency are true? (Choose two.) 

A. UDP is connection oriented, so the size of a UDP stream is independent of latency. 

B. UDP is connection oriented, so latency can increase the size of a UDP stream. 

C. UDP is connectionless, so latency can increase the size of a UDP stream. 

D. If latency decreases, throughput also decreases. 

E. If latency increases, throughput also increases. 

F. Latency can cause jitter on UDP connections. 

Answer: CF 
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QUESTION 1096 

What is a reason for an EIGRP router to send an SIA reply to a peer? 

A. to respond to an SIA query with the alternative path requested 

B. to respond to a query reporting that the prefix has gone stuck-in-active 

C. to respond to an SIA query that the router is still waiting on replies from its peers 

D. to respond to a reply reporting that the prefix has gone stuck-in-active 

Answer: C 


QUESTION 1097 

Refer to the exhibit, what the effect of the given configuration? 



A. OSPF and EIGRP will perform mutual redistribution 

B. Network 10.10.1.0/24 will be redistributed in EIGRP 

C. Unless the subnets keyword is added to the redistribute command, subnetted networks will be 
excluded from OSPF 

D. The routing table will show a metric of 10 for routes redistributed from EIGRP 

Answer: C 


QUESTION 1098 

A packet capture log indicates that several router solicitation messages were sent from a local 

host on the IPv6 segment. What is the expected acknowledgment and its usage? 

A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will 
allocate addresses to the local host. 

B. Routers on the IPv6 segment will respond with an advertisement that provides an external path 
from the local subnet, as well as certain data, such as prefix discovery. 

C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address 
for communication with the IPv6 routers on the segment. 

D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is 
statically defined by the network administrator. 

Answer: B 


QUESTION 1099 

What are the three required attributed in a BGP update message? (Choose three ) 

A. AS_PATH 

B. COMMUNITY 

C. AGGREGATOR 
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D. MED 

E. NEXT HOP 

F. ORIGIN 

Answer: AEF 


QUESTION 1100 

Which value does EIGRP use to determine the metric for a summary address? 

A. The average of the component metrics 

B. A default fixed value 

C. The lowest metric among the component routes 

D. The highest metric among the component routes 

Answer: C 


QUESTION 1101 

Which CoS value is mapped to DSCP 48 by default? 

A. 6 

B. 7 

C. AF21 

D. AF44 

E. AF41 

F. 46 

Answer: A 


QUESTION 1102 

Under which condition does UDP dominance occur? 

A. when TCP traffic is in the same class as UDP 

B. when UDP flows are assigned a lower priority queue 

C. when WRED is enabled 

D. when ACLs are in place to block TCP traffic 

Answer: A 


QUESTION 1103 

Which option is a correct match criterion for policy-based routing? 

A. length 

B. interface type 

C. interface 

D. cost 

Answer: A 
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QUESTION 1104 

Which statement about the spanning-tree portfast feature on the switch is true? 

A. If an interface is enabled for portfast receives BDPU, the port goes through the spanning-tree 
listening, learning, and forwarding states. 

B. If an interface is enabled for portfast receives BDPU, the port does not go through the spanning- 
tree listening, learning, and forwarding states. 

C. If an interface is enabled for portfast receives BDPU, the port is shut down immediately. 

D. If an interface is enabled for portfast receives BDPU, the port goes into the spanning- tree 
inconsistent state. 

Answer: A 


QUESTION 1105 

A network engineer wants to add a new switch to an existing switch stack. Which configuration 
must be added to the new switch before it can be added to the switch stack? 

A. No configuration must be added. 

B. stack ID 

C. IP address 

D. VLAN information 

E. VTP information 

Answer: A 


QUESTION 1106 

What are the three modes of Unicast Reverse Path Forwarding? 

A. strict mode, loose mode, and VRF mode 

B. strict mode, loose mode, and broadcast mode 

C. strict mode, broadcast mode, and VRF mode 

D. broadcast mode, loose mode, and VRF mode 

Answer: A 


QUESTION 1107 

What is the function of NSF? 

A. forward traffic simultaneously using both supervisors 

B. forward traffic based on Cisco Express Forwarding 

C. provide automatic failover to back up supervisor in VSS mode 

D. provide nonstop forwarding in the event of failure of one of the member supervisors 

Answer: D 


QUESTION 1108 

Refer to the exhibit. Which two statements about the given NetFlow configuration are 
true?(Choose two) 
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A. It supports a maximum of 2048 entries 

B. It supports only IPv4 flows 

C. It supports both IPv4 and IPv6 flows 

D. It supports only IPv6 flows 

E. It uses the default port to send flows to the exporter 

Answer: AB 


QUESTION 1109 

Refer to the exhibit. What happens to a TCP packet that is received on interface GigabitEthernet 
0/0/0.100, which has DF bit set to 1, and packet has a valid destination? 



— 


ip access-list extended listl 
deny tcp any any 
permit ip any any 

! 

route—map foo permit 50 
match ip address listl 
set ip df O 

i 

interface GigabitEthernetO/O/O.lOOO 
description *+* VLAN lOOO *** 
encapsulation dot1Q lOOO native 
ip address 10.1.1.3 255.255.255.0 
ip policy route— map foo 
service-policy input marking 

1 



A. The packet is not matched by route-map foo and the DF bit is left as it was 

B. The packet is matched by route-map foo and the DF bit is left as it was 

C. The packet is matched by route-map foo and the DF bit is set to 0 

D. The packet is not matched by route-map foo and the DF bit is set to 0 ' 
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Answer: A 


QUESTION 1110 

When you configure an IPv6 IPsec tunnel, which two fields can represent the ISAKMP identity of 
a peer? (Choose two) 

A. Authentication method 

B. DH group identifier 

C. Hostname 

D. IP address 

E. Encryption algorithm 

Answer: CD 


QUESTION 1111 

Which two statements about 6PE are true? (choose two) 

A. iBGP peering between the PE routers should be done using an IPv6 address. 

B. It does not require MPLS between the PE routers. 

C. It requires a VRF on the IPv6 interface 

D. It requires BGP to exchange labeled IPv6 unicast between PE routers 

E. Uses an IPv4-mapped IPv6 address as the IPv4 next-hop on PE router 

Answer: DE 


QUESTION 1112 

An access switch at a remote location is connected to the spanning-tree root with redundant 
uplinks. A network engineer notices that there are issues with the physical cabling of the current 
root port. The engineer decides to force the secondary link to be the desired forwarding root port. 
Which action accomplishes this task? 

A. Adjust the secondary link to have a lower priority than the primary link. 

B. Change the link type to point-to-point. 

C. Apply a BPDU filter on the primary interface of the remote switches. 

D. Enable Rapid Spanning Tree to converge using the secondary link. 

Answer: A 


QUESTION 1113 

Which command correctly configures standby tracking for group 1 using the default decrement 
priority value? 

A. standby 1 track 100 

B. standby 1 track 100 decrement 1 

C. standby 1 track 100 decrement 5 

D. standby 1 track 100 decrement 20 

Answer: A 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


422 














Pass Leader’ 

Leader of IT Certifications 


QUESTION 1114 

Which two statements about IP SLA are true? (Choose two) 

A. SNMP access is not supported 

B. It uses active traffic monitoring 

C. It is Layer 2 transport-independent 

D. The IP SLA responder is a component in the source Cisco device 

E. It can measure MOS 

F. It uses NetFlow for passive traffic monitoring 

Answer: BC 


QUESTION 1115 

Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.) 

A. IP address 

B. routing table 

C. forwarding table 

D. access control lists 

E. NetFlow configuration 

Answer: ABC 


QUESTION 1116 

Flow long will the root bridge continue to send configuration BPDUs to notify all bridges to age out 
their MAC address tables? 

A. Three times the hello interval 

B. The forward delay + max-age time 

C. The max-age time 

D. The forward delay time 

Answer: B 


QUESTION 1117 

Refer to the exhibit, which type of connection does ERSPAN use to transport traffic from switch 1 
to switch 2? 
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A. An SVI 

B. A PPTP tunnel 

C. A GRE tunnel 

D. A VLAN 

Answer: C 


QUESTION 1118 

If OSPF fast hellos are configured on an interface and the hello-multiplier is set to 10, how 
frequently are hello packets are sent? 

A. every 200 milliseconds 

B. every 50 milliseconds 

C. every 100 milliseconds 

D. every 500 milliseconds 

Answer: C 


QUESTION 1119 

Refer to the exhibit. Which statement is true? 







Kofshow isis database 

IS-IS Level-2 Link State Database: 
LSPID LSP Seq Num 

R4.00-00 0x0000007A C 

R4.02-00 0x00000065 C 

R5.00-00 * OxOOOOOOOA 

LSP Checksum LSP Holdtime ATT/P/OL 

)xFF38 761 0/0/0 

)x7CFl 758 0/0/0 

0x6CFB 757 0/0/0 









A. R4 is a DIS 

B. R4 is the DIS for level 1 and level 2 

C. R5 is a DIS 
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D. R4 does not run levell IS-IS 

Answer: A 


QUESTION 1120 

Which two statements about the various types or DevOps tools are true? (Choose two) 

A. Puppet requires the installation of a master (server) and agents (clients) architecture for 
configuring systems. 

B. Salt cannot communicate with clients through general SSH, it use minions client agents only. 

C. Puppet and Chef are written in Python, Python skills are a must to operate these two. 

D. Ansible does not require agent node installation and uses SSH for performing all tasks. 

E. Chef and Puppet are much more attuned to the needs of system administrators. 

Answer: AD 


QUESTION 1121 

In a Cisco ACI environment, which option best describes "contracts"? 

A. a set of interaction rules between endpoint groups 

B. a Layer 3 forwarding domain 

C. to determine endpoint group membership status 

D. named groups of related endpoints 

Answer: A 


QUESTION 1122 

In a typical three-node OpenStack deployment, which two components are part of the controller 
node? (Choose two) 

A. Neutron Layer 3 agent 

B. Neutron DHCP agent 

C. Identity service 

D. Neutron Layer 2 agent 

E. Neutron server plugin 

Answer: CE 


QUESTION 1123 

Which option is the common primary use case for tools such as Puppet. Chef. Ansible, and Salt? 

A. network function visualization 

B. policy assurance 

C. Configuration management. 

D. network orchestration. 

Answer: C 
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QUESTION 1124 

Which two platforms provide hypervisor virtualization? (Choose two.) 

A. DevStack 

B. Docker 

C. KVM 

D. OpenStack 

E. Xen 

Answer: CE 


QUESTION 1125 

Which two characteristics of an loT network are true? (Choose two.) 

A. The transmission rate in an loT network is consistent. 

B. loT networks must be designed for low-powered devices. 

C. loT networks use IS-IS for routing. 

D. loT networks are 100% reliable 

E. loT networks are bandwidth constrained 

Answer: BE 


QUESTION 1126 

Which two options are benefits of moving the application development workload to the cloud? 
(Select Two) 

A. it provides you full control over the software packages and vendor used 

B. The application availability is not affected by the loss of a single virtual machine 

C. The workload can be moved or replicated easily. 

D. It provides a more secure environment 

E. High availability and redundancy is handled by the hypervisor. 

Answer: BE 


QUESTION 1127 

Refer to the exhibit. If you apply this configuration to a device on your network, which class map 
cannot match traffic? 
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A. CM-EXAMPLE-3 

B. CM-EXAMPLE-1 

C. CM-EXAMPLE-4 

D. CM-EXAMPLE-5 

E. CM-EXAMPLE-2 

Answer: A 


QUESTION 1128 

Refer to the exhibit. For which reason could the statistics for IP SLA operation 1 be unknown? 
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A. The ICMP echoes were lost in transit 

B. Data verification has been disabled 

C. The Type of Service parameter is configured incorrectly. 

D. The Operation Frequency value is the same as the Operation Timeout value. 

E. The IP SLA schedule is missing. 

Answer: E 


QUESTION 1129 

Which two statements about RIPng are true? (Choose two.) 

A. RIPng can support as many as 8 equal-cost routes. 

B. RIPng can support aa many as 32 equal-cost routes. 

C. 16 is the maximum metric it can advertise. 

D. Both inbound and outbound route filtering can be implemented on a single interface, 

E. A route with a metric of 15 is advertised as unreachable. 

Answer: CD 


QUESTION 1130 

Refer to the Exhibit. With BGP always-compare enabled, which BGP entry is installed in the RIB? 



A. Entry 3 because it has the lowest MED. 

B. Entry 1 because it has the best MED of the external routes. 

C. Entry 1 because it was installed first (oldest_ in the BGP table. 

D. Entry 2 because it has the lowest router ID. 

Answer: A 


QUESTION 1131 

Refer to the Exhibit. Which three statements about the output are true? (Choose Three) 
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IP Multicast Routing Tabla 
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^ * * 239. 192 *1.1), 00:01:43/stopped, RP 10.210.ISO.1, flags: SJC 
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Outgoing interface list: 
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Outgoing interface list: 
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Incoming interface: Null, RPF nb 
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O.ISO. 



flags: SJC1, 

03: 18 


A. Group 224.0.1.40 is a reserved address, and it should not be used for multicast user data 
transfer. 

B. Group 239.192.1.1 is a reserved address, and it should not be used for multicast user data 
transfer. 

C. One or more multicast groups are operating in PIM dense mode. 

D. One or more of the multicast data streams will be forwarded out to neighbor 10.85.20.20. 

E. A multicast receiver has requested to join one or more of the multicast groups. 

F. This switch is currently receiving a multicast data stream that is being forwarded out VLAN 
150. 

Answer: AEF 


QUESTION 1132 

Refer to the exhibit. Which two statements about the 192.168.23.0/24 prefix are true? (Choose 
two.) 
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A. Router 192.168.45.4 cannot act as a feasible successor. 

B. Router 192.168.35.3 is the only successor. 

C. Only router 192.168.45.4 is a feasible successor. 

D. Routers 192.168.35.3 and 192.168.45.4 are successors. 

E. Routers 192.168.35.3 and 192.168.45.4 are feasible successors. 

F. Only router 192.168.35.3 is a feasible successor. 

Answer: AB 


QUESTION 1133 

Refer to the exhibit. When packets are transmitted from rl to r2, where are they encrypted? 



A. on the E0/0 interface on Rl 

B. on the outside interface 

C. in the forwarding engine 

D. in the tunnel 

E. within the crypto map 

F. on the EO/1 interface on R2 

Answer: A 


QUESTION 1134 

Refer to the exhibit. When R2 attempted to copy a file the TFTP server, it received this error 
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message. When action can you take to correct the problem? 



A. configure the ip tftp source-interface FaO/1 command on R2 

B. configure the ip tftp source-interface FaO/1 command on R1 

C. configure the ip tftp source-interface LoopbackO command on R2 

D. configure the ip tftp source-interface LoopbackO command on R1 

E. Change the access-list configuration on R1 to access-list 1 permit 172.16.1.0 0.0.0.255. 

Answer: C 


QUESTION 1135 

Refer to the exhibit. Which action can you take to prevent loops and suboptimal routing on this 
network? 



A. Configure the rfc2328 compatibility command under the Cisco IOS OSPF routing process only 

B. Configure the rfc2328 compatibility command under the Cisco IOS OSPF NX-OS routing process 
only 

C. Configure the ref1583 compatibility command under the Cisco NX-OS OSPF routing process only 

D. Configure the ref1583 compatibility command under the Cisco IOS OSPF routing process only 

E. Configure the rfc2328 compatibility command Cisco IOS and NX-OS OSPF routing processes 

F. Configure the rfc2328 compatibility command under the Cisco IOS and NX-OS OSPF routing 
processes 


Answer: C 
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QUESTION 1136 

Which three message type are used for prefix delegation in DHCPv6?(Choose three) 

A. Solicit 

B. Renew 

C. Advertise 

D. DHCP Discover 

E. DHCP Ack 

F. DHCP Offer 

Answer: ABC 


QUESTION 1137 

Refer to the exhibit. Which IPv6 migration method is in use on this network? 



A. 6to4 tunnel 

B. NAT-PT 

C. ISATAP tunnel 

D. dual stack 

Answer: D 


QUESTION 1138 

Refer to the exhibit. What is the DSCP value that egresses SW2 toward R2? 
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A. 0 

B. 2 

C. 8 

D. 10 

E. 16 

Answer: A 


QUESTION 1139 

Which two OSPF network type require the use of a DR and BDR? (Choose two) 

A. non-broadcast networks 

B. point-to-point networks 

C. point-to-point non-broadcast networks 

D. broadcast networks 

E. point-to-multipoint networks 

Answer: AD 


QUESTION 1140 

Which two statements about SSM are true? (Choose two) 

A. It is designed to support many-to-many applications within a PIM domain. 

B. It requires IGMPv3 for source filtering. 

C. It uses (*, G) multicast routing entries to make forwarding decisions. 

D. It can work in conjunction with the ISM service. 

E. Its application and protocols use address 233.0.0.0 7233.255.255.255. 

Answer: BD 
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QUESTION 1141 

Which command can you enter to configure a Cisco router running OSPF to propagate the static 
default route 0.0.0.0 0.0.0.0 172.31.15.1 within the OSPF process? 

A. default-information originate 

B. redistribute static subnets 

C. redistribute static metric 1 subnets 

D. redistribute static 

Answer: A 


QUESTION 1142 

Refer to the exhibit. If this network is in the process of being migrated from EIGRP to OSPF, and 
all routers are now running both protocols, which action must you perform to complete the 
migration? 



A. Change the EIGRP administrative distance to 95 

B. Change the OSPF administrative distance to 95 

C. Change the OSPF administrative distance to 115 

D. Change the EIGRP administrative distance to 115 

Answer: D 


QUESTION 1143 

Refer to the exhibit. What is the effect on the network when you apply these configuration to R1 
and R2? 
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A. Asymmetric routing occurs because the bandwidth and delay K value settings are mismatched. 

B. The interface bandwidth and delay settings adjust automatically to match the new metric settings. 

C. The neighbor adjacency between R1 and R2 temporarily resets and then reestablishes itself. 

D. R1 and R2 fail to form a neighbor adjacency. 

Answer: AD 


QUESTION 1144 

Which statement is true about IGMP? 

A. Multicast source send IGMP messages to their first-hop router, which then generates a PIM join 
message that is then sent to the RP. 

B. Multicast receivers send IGMP message to signal their interest traffic multicast groups. 

C. IGMP message are encapsulated in PIM register message and send to the RP. 

D. Multicast receivers send IGMP message to their first-hop router, which then forwards the IGMP 
message to the RP. 

Answer: B 


QUESTION 1145 

Refer to the exhibit. The Main 1 and Branch 1 switches are connected directly over over an MPLS 
pseudowire, and both runn UDLD. After router B1 reloads because of a power failure.the 
pseudowire. However the Branch 1 switch is unable to reach the Main 1 switch. 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


435 
















Pass Leader 

Leader of IT Certifications 



Branch DBMS 


Which two actions can you take to restore connrctivity and problrm from recurring? (Choose two) 

A. Configure a backup pseudowire between the Main 1 and Branch 1 Switchs. 

B. Issue the shutdown and no shutdown commands on the Branch 1 switch uplink to the B1 router 
only. 

C. Configure a backup GRE tunnel between the Main 1 and Branch 1 switches. 

D. Issue the shutdown and no shutdown commands on both the Branch 1 switch uplink to the B1 
router and the Main 1 switch's uplink to the Ml router 

E. Enable errdisable recovery on both the Main 1 and Branch 1 switches. 

F. Enable UDLD recovery on both the Main 1 and Branch 1 switches. 

Answer: AF 


QUESTION 1146 

Flow are the Cisco Express Forwarding table and the FIB related to each other? 

A. Cisco Express Forwarding use a FIB to make IP destination prefix-based switching decisions. 

B. The FIB is used to population the Cisco Express Forwarding table. 

C. There can be only FIB but multiple Cisco Express Forwarding tables on IOS devices. 

D. The Cisco Express Forwarding table allows route lookups to be forwarding to be route processor 
for processing before they are sent to the FIB. 

Answer: A 
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QUESTION 1147 

Refer to the exhibit. Which effect of this configuration is true? 



A. Users can enter user EXEC mode without a user name using password cisco4 

B. Users in user EXEC mode can enter privileged EXEC mode without a user name or password. 

C. Users can enter privileged EXEC mode using user name ciscol and password cisco2 

D. Users in user EXEC mode can enter privileged EXEC mode without a user name using password 
cisco3 

Answer: B 


QUESTION 1148 

Examine the DHCP configuration between R2 and R3 ,R2 is configured as the DHCP server and 
R3 as the client. 

What is the reason R3 is not receiving the IP address via DHCP? 

A. On R2, the network statement in the DHCP pool configuration is incorrectly configured 

B. On R3 DHCP is not enabled on the interface that is connected to R2 

C. On R2 the interface that is connected to R3 is in shutdown condition 

D. On R3 the interface that is connectd to R2 is in shutdown condition 

Answer: A 


QUESTION 1149 

Which two statements about AAA authentication are true? (Choose two) 

A. RADIUS authentication queries the router's local username database. 

B. TACASCS+ authentication uses an RSA server to authenticate users. 

C. Local user names are case-insensitive. 

D. Local authentication is maintained on the router. 

E. KRB5 authentication disables user access when an incorrect password is entered. 

Answer: DE 


QUESTION 1150 

Refer to the exhibit. A packet from network 10.0.1.0/24 destined for network 10.0.2.0/24 arrives at 
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R1 on interface GiO/O, but the router drops the packet instead of transmitting it out interface GiO/1. 
Which feature that is configured on R1 can cause this problem? 



A. UDLC 

B. split horizon 

C. uRPF 

D. spanning tree 

Answer: C 


QUESTION 1151 

Which two statements about DMVPN with NHRP are true? (Choose two) 

A. NHRP shortens the configuration of the hub router. 

B. NHRP dynamically provides information about the spoke routers to the hub. 

C. NHRP disables multicast 

D. The hub router uses NHRP to initiate the GRE tunnel with spokes. 

E. The spoke routers act as the NHRP servers. 

Answer: AB 


QUESTION 1152 

Which two statements about IS-IS metrics are true? (Choose two) 

A. The default metric style is narrow 

B. The default metric for the IS-IS interface is 63 

C. The default metric style is wide 

D. The default metric for the IS-IS interface is 64 

E. The default metric for the IS-IS interfaceis 10 

Answer: AE 
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QUESTION 1153 

Which two pieces of information are returned by the show ipv6 mid snooping querier command? 
(Choose two) 

A. Learned group information 

B. IPv6 address information 

C. MLD snooping querier configuration 

D. incoming interface 

Answer: BD 


QUESTION 1154 

Which three statements about microbursts are true? (Choose three) 

A. They can occur when chunks of data are sent in quick succession 

B. They occur only with UDP traffic 

C. They appear as input errors on an interface counter 

D. They appear as ignores and overruns on device buffers 

E. They can be monitored by IOS software 

F. They appear as misses and failures on device buffers 

Answer: ADE 


QUESTION 1155 

Which two platforms provide hypervisor virtualization?(choose two) 

A. Xen 

B. Docker 

C. KVM 

D. OpenStack 

E. DevStack 

Answer: AC 


QUESTION 1156 

In a typical three-node Open Stack deployment, which two components are part of the controller 
note? (Choose two) 

A. Neutron server plugin 

B. Neutron DHCP agent 

C. Neutron layer 2 agent 

D. Identify Service 

E. Neutron Layer 3 agent 

Answer: AE 


QUESTION 1157 
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What is the default time-out value of an ARP entry in Cisco IOS Software? 

A. 720 minutes 

B. 240 minutes 

C. 60 minutes 

D. 480 minutes 

E. 120 minutes 

Answer: B 


QUESTION 1158 

Which Cisco IOS XE component provides separation between the control plane and the data 
plane? 

A. Common Management Enabling Technology 

B. Free and Open Source Software 

C. POSIX 

D. Forwarding and Feature 

Answer: D 


QUESTION 1159 

Refer to the exhibit. If the Web Server has been configured to listen only to TCP port 8080 for all 
HTTP requests, which command can you enter to how internet users to access the web server on 
HTTP port 80? 



A. ip nat inside source static tcp 10.1.1.100 80 10.1.1.100 8080 

B. ip nat outside source static tcp 10.1.1.100 80 10.1.1.100 8080 

C. ip nat outside source static tcp 10.1.1.100 8080 10.1.1.100 80 

D. ip nat inside source static tcp 10.1.1.100 8080 10.1.1.100 80 

Answer: D 


QUESTION 1160 

Which three statements about Ansible are true? (Choose three.) 

A. Ansible by default manages remote machines over SSL. 

B. No ports other than the SSH port are required; there is no additional PKI infrastructure to maintain. 

C. Ansible requires remote agent software. 

D. Ansible by default manages remote machines over SSH. 
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E. Ansible does not require specific SSH keys or dedicated users. 

F. Ansible requires server software running on a management machine. 

Answer: BDE 


QUESTION 1161 

Which description of Infrastructure as a Service is true? 

A. a cloud service that delivers on-demand resources like networking and storage. 

B. a cloud service that delivers on-demand internet connection between sites 

C. a cloud service that delivers on-demand software services on a subscription 

D. a cloud service that delivers on-demand internet connection 

Answer: A 


QUESTION 1162 

Which IPv6 first hop security feature blocks traffic sourced form ipv6 address that are outside the 
prefix gleaned from router advertised 

A. IPv6 source guard 

B. IPv6 DHCP guard 

C. IPv6 RA guard 

D. IPv6 prefix guard 

Answer: C 


QUESTION 1163 

Which data modeling language is commonly used by NETCONF? 

A. HTML 

B. XML 

C. YANG 

D. REST 

Answer: C 


QUESTION 1164 

Refer to the exhibit. While troubleshooting an issue with a blocked switch port, you find this error 
in the switch log. Which action should you take first to locate the problem? 


SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port FastEthemetO/1 
in VLAN 10. Moved to loop-inconsistent state 


A. Check the attached switch for a BPDU filter. 

B. Test the link for unidirectional failures. 

C. Execute the show interface command to check FastEthernetO/1. 

D. Check the attached switch for an interface configuration issue. 
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Answer: A 


QUESTION 1165 

Which two statements about route summarization are true? (Choose two.) 

A. EIGRP can summarize routes at the classful network boundary 

B. EIGRP and RIPv2 route summarize are configured with the ip summary-address command under 
the route. 

C. It can be disabled in RIP, RIPv2 and EIGRP 

D. It require a common set of high-order bits for all component routes 

E. RIPv2 can summarize-routes beyond the classful network boundary 

Answer: AD 

QUESTION 1 

Which two statements about the various types of DevOps tools are true? (Choose two.) 

A. Chef and Puppet are much more attuned to the needs of system administrators. 

B. Puppet and Chef are written in Python. Python skills are a must to operate these two. 

C. Salt cannot communicate with clients through general SSH. it use minions client agents only. 

D. Puppet requires the installation of a master (server) and agents (clients) architecture for 
configuring systems. 

E. Ansible does not require agent node installation and users SSH for performing all tasks. 

Answer: AD 


QUESTION 1167 

Refer to the exhibit. How can you configure this network so that customers can transparently 
extend their networks through the provider? 



A. Configure eBGP peering among the CE routers. 

B. Configure EIGRP OTP on the CE routers. 

C. Configure eBGP peering between the CE and PE routers. 

D. Configure OSPF peering between the CE and PE routers. 

Answer: B 
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QUESTION 1168 

Refer to the exhibit. If interface FastEthernetO/1 goes down, how does the router R5 responds? 



A. It sends query packets to neighbor 192.168.35.3 for destination 192.168.24.0/24. 

B. It sends update packets to neighbor 192.168.35.3 for destination 192.168.24.0/24. 

C. It is stuck in active for destination 192.168.24.0/24. 

D. It used interface F0/0 and neighbor 192.168.35.3 as the new path to destination 192.168.24.0/24. 

Answer: D 


QUESTION 1169 

Which two statements about IS-IS authentication are true? (Choose two.) 

A. Level 2 LSPs transmit the password encrypted inside the IS-IS PDU. 

B. Area and domain authentication must be configured together. 

C. Passwords can be configured on a per-interface basis. 

D. If LSP authentication is in use, unauthorized devices can form neighbor adiacencies. 

E. Lever 1 LSPs use the domain password. 

Answer: CD 


QUESTION 1170 

Which interior gateway protocol is based on open standards, uses a shortest-path first algorithm, 
provides native protocols, and operates at the data link layer? 

A. IS-IS 

B. EIGRP 

C. BGP 

D. OSPF 

Answer: A 
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QUESTION 1171 

Which two options are potential impacts of microbursts? (Choose two.) 

A. invalid checksum 

B. tail drops 

C. packet loss 

D. unicast flooding 

E. asymmetric routing 

F. unnecessary broadcast traffic 

Answer: BC 


QUESTION 1172 

Which mechanism does get vpn use to preserve ip header information? 

A. GRE 

B. MPLS 

C. IPsec transport mode 

D. IPsec tunnel mode 

Answer: D 


QUESTION 1173 

What is the main difference between GETVPN and traditional IPsec encryption techniques? 

A. Only GETVPN uses three types of encryption keys. 

B. Only GETVPN uses group SA. 

C. Only traditional IPsec uses ISAKMP for authentication. 

D. Only traditional IPsec uses PSKs. 

Answer: B 


QUESTION 1174 

Refer to the exhibit. This network is undergoing a migration from PVST+ to MST. SI is the MSTO 
root bridge and S2 is the MSTO secondary root. 

Which statement about traffic from S3 is true? 
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A. Interface GO/1 is blocked on S3 for VLAN40 and VLAN50 and load balancing fails until S3 is 
migrated to MST. 

B. Interface G0/0 is blocked on S3 for VLAN40 and VLAN50 unless it is configured for load balancing 
with PVST+. 

C. Interface G0/0 is blocked on S3 for VLAN40 and VLAN50 and load balancing fails until S3 is 
migrated to MST. 

D. VLAN traffic automatically load balances between G0/0 and GO/1 on S3 using PVST+. 

E. PVST+ inherits the load-balancing configuration from MST. 

Answer: A 


QUESTION 1175 

Refer to the exhibit. Which statement about the effect of this configuration is true? 



A. The 192.168.2.1/24 network is summarized and advertised as 192.168.2.0/24. 

B. The 192.168.2.1/32 network appears in the route table on R1, but it is missing from its OSPF 
database. 

C. The 192.168.2.1/32 network is missing from OSPF database and the route table on R1 
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D. The 192.168.2.1/32 network appears in the R1 OSPF database, but it is missing from its routing 
table. 

Answer: D 


QUESTION 1176 

Refer to the exhibit. Which two effects of this configuration are true? (Choose 2) 



A. It creates an administratively scoped boundary for ACL 60. 

B. It sets the TTL for discovery messages to 60 hops. 

C. It prevent the device from falling back to dense mode. 

D. It sets announcement interval to 60 seconds. 

E. It configure the router as the rendezvous point. 

Answer: BE 


QUESTION 1177 

Which IS-IS process is responsible for flooding local link information to adjacent routers? 

A. decision 

B. receive 

C. forward 

D. update 

Answer: D 


QUESTION 1178 

Refer to the exhibit. If R1 generated this response to the show debug command, which statement 
its debug output is true? 


R11 nhow drbiiq 

Condiuon Is int«r(«cif FitO/O |1 fliKjt triijijppcdl 
flaga: FiiO/O 

Condition ?: ip (O flan* trlqQrrrd) 

Condition 3: uarmnnr cisco (0 triOQcrcdi 


A. As soon as interface FaO/O becomes active, it generate debug output because one condition has 
been met. 

B. When debug output is generated, only the user cisco is permitted to view it. 

C. R1 generates debug output as soon as IP address 192.168.0.0 is applied to interface Fa0/0. 
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D. R1 generates debug output as soon as all three conditions are met. 

Answer: A 


QUESTION 1179 

Which condition must be satisfied before a Cisco router running RIP can poison a route? 

A. The invalid timer must expire. 

B. The hold down timer must expire. 

C. The flush timer must expire. 

D. The flush timer must reach 240 seconds. 

E. The metric must equal 16. 

Answer: A 


QUESTION 1180 

What is the default console authentication method on the Cisco routers? 

A. Local 

B. EAPol 

C. open 

D. TACACS+ 

E. no authentication 

F. RADIUS 

Answer: E 


QUESTION 1181 

Under which two circumstances is IPsec transport mode appropriate? (Choose two) 

A. When both hosts are behind IPsec peers. 

B. When the hosts are transmitting router management traffic. 

C. When only one host is behind an IPsec peer. 

D. When only IP header encryption is needed. 

E. When IPsec peers are the source and the destination of the traffic. 

F. When only IP header authentication is needed. 

Answer: BE 


QUESTION 1182 

Refer to the exhibit. 

interface Ethernet 0/0 

ip policy routemap PBR routemap PBR 

match ip address 144 

set ip nexthop 172.16.12.5 

set ip nexthop recursive 192.168.3.2 

Which statement describes how a router with this configuration treats packets if the devices at 
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172.16.12.5 and 192.168.3.2 are unreachable? 

A. It routes the packet using the default routing table. 

B. It routes the packet into a loop and drops it when the TTL reaches zero. 

C. It drops the packet immediately. 

D. It sends an ICMP source quench message. 

Answer: A 


QUESTION 1183 

Which GDOI key is responsible for encrypting control plane traffic? 

A. the traffic encryption key. 

B. the preshared key 

C. the key encryption key 

D. the key-chain. 

Answer: C 


QUESTION 1184 

Which characteristic of an IS-IS single topology is true? 

A. Its IPv4 and IPv6 interfaces must have a 1:1 correlation. 

B. It supports asymmetric IPv4 and IPv6 interface. 

C. It uses a separate SPF calculation than the IPv4 routing table. 

D. The metric-style wide command must be enabled. 

Answer: C 


QUESTION 1185 

Refer to the exhibit. Which IPv6 migration is in use on this network? 



A. 6to4 tunnel 

B. NAT-PT 

C. ISATAP tunnel 

D. dual stack 

Answer: B 


QUESTION 1186 

Which two statements about BIDIR-PIM are true? (Choose two) 
A. It uses implicit join messages to signal membership. 
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B. It is designed to support one-to-many applications within a PIM domain. 

C. It uses (*, G) multicast routing entries to make forwarding decisions. 

D. It uses a designated forwarder to maintain a loop-free SPT. 

E. Traffic can be passed downstream from the shared tree toward the RP. 

Answer: CE 


QUESTION 1187 

In an STP domain. Which two topology are true a nonroot switch, when it reveives a configuration 
BPDU from the root bridge with the TC bit set? (Choose two) 

A. It does not recalculate the STP topology upon receiving change notification from the root switch. 

B. It sets the MAC table aging time to maxage time. 

C. It recalculates the STP topology upon receiving topology change notification from the root switch. 

D. It sets the MAC table aging time to forward_delay time. 

Answer: AD 


QUESTION 1188 

Refer to the exhibit. When you apply these configurations to R1 and R2. 
Which two effects occur? (Choose two) 



A. The 172.16.1.1 network is reachable via OSPF on R1 

B. R1 authenticates using the username Cisco 

C. R1 and R2 successfully authenticates using CHAP 

D. Authentication between R1 and R2 fails. 

E. R1 and R2 authentications using PAP 

Answer: BD 


QUESTION 1189 

Refer to the exhibit. Switch A is connected to two MSTP domains for the first time. 
This error is observed on Switch A. 

%SPANTREE-2-PVSTSIM_FAIL: 

Blocking designated port FaO/1: 

Inconsistent superior PVST BPDU received on VLAN 10 
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How can this error be resolved? 



A. Map VLAN 10 into an appropriate instance on Switch A. 

B. Remove the 1 ST root from MST Region 2. 

C. Configure PVST+ to allow MST Region 1 to the root for VLAN 10. 

D. Map VLAN 10 to instance 0 in all MST regions. 

Answer: D 


QUESTION 1190 

Which three mode are valid PfR monitoring modes of operation? (Choose three) 

A. passive mode (based on Cisco IP SLA probes) 

B. route monitor mode (based on BGP route changes) 

C. RMON mode (based on RMONvl and RMONv2 data) 

D. active mode (based on Cisco IP SLA probes) 

E. passive mode (based on NetFlow data) 

F. fast mode (based on Cisco IP SLA probes) 

Answer: DEF 


QUESTION 1191 

Which two statements about redistribution are true? (Choose two) 

A. When BGP traffic is redistributed into OSPF eBGP and iBGP routes are advertised. 

B. When EIGRP routes on a CE are redistributed through a PE into BGP, the Cost Community POI 
set automatically. 

C. When EIGRP traffic is redistributed into BGP, a default metric is required. 

D. When BGP traffic is redistribute into OSPF the metric is set to 1 unless the metric is defined. 

E. iBGP routes automatically redistribute into IGP if the routes are in the routing table. 

F. When OSPF traffic is redistributed into BGP internal and external routes are redistributed. 

Answer: BD 


QUESTION 1192 

Refer to the exhibit. With BGP always-compare-med enabled, which BGP entry is installed in the 
RIB? 


Get Latest & Actual 400-101 Exam's Question and Answers from Passleader. 
http://www.passleader.com 


450 




















Pass Leader’ 

Leader of IT Certifications 


Entry 1: AS (PATH) 400 , med 150, external, rid 2.2.2.2 
Entry2i AS (PATH) 100 , med 200, external, rid 1.1.1.1 
Entry3: AS (PATH1 400 , med 100, external, rid 3.3.3.3 


A. Entry 1 because it was installed first (oldest) in the BGP table. 

B. Entry 1 because it has the best MED of the external routes. 

C. Entry 2 because it has the lowest router ID. 

D. Entry 3 because it has the lowest MED. 

Answer: D 

QUESTION 1193 

Refer to the exhibit. Which statement about the R1 multicast network environment is true? 



A. The default mroute uses TunnellO as the next hop for 10.1.108.10. 

B. RPF builds the topology using the unicast data for source address 10.1.108.10. 

C. A static mroute is configured to point multicast traffic for 10.30.30.30 through Ethernetl/O. 

D. RPF uses the OSPF 100 table for source address 10.1.108.10. 

Answer: C 


QUESTION 1194 

Drag and drop each step in the performance-monitoring configuration process on the left to the 
correct order on the right. 
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Drag and drop each step in the performance-monitoring configuration process on the left into the correct order 
on the right. 


Configure a policy with at least one 
performance-monitor type flow monitor. 


1 



Configure a flow record. 


2 



Configure a class that describes the filtering criteria. 


3 



Associate a performance-monitor type policy with its 
corresponding interface. 


4 



Configure a flow monitor that includes the flow record 
and flow exporter. 


5 

Answer: 

Drag and drop each step in the performance-monitoring configuration process on the left into the correct order 
on the right. 



Configure a policy with at least one 
performance-monitor type flow monitor. 


Configure a flow record. 



Configure a flow record. 


Configure a flow monitor that includes the flow record 
and flow exporter. 



Configure a class that describes the filtering criteria. 


Configure a class that describes the filtering criteria. 



Associate a performance-monitor type policy with its 
corresponding interface. 


Configure a policy with at least one 
performance-monitor type flow monitor. 



Configure a flow monitor that includes the flow record 
and flow exporter. 


Associate a performance-monitor type policy with its 
corresponding interface. 


QUESTION 1195 

Drag and drop each IPv6 migration method from the left onto the matching desription on the right 
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6to4 tunneling 


Configures parallel IPv4 and IPv6 network 
infrastructure and addresses 



dual stack 


Translates traffic between IPv4 and IPv6 
addresses 



IPv6 to IPv4 GRE tunneling 


Uses any IPv6 unicast site address 



ISATAP tunneling 


uses IPv6 site address with in the 2002: :/16 
prefix 



NAT-PT 


Uses standard point-to-point encapsulation 


Answer: 


6to4 tunneling 


dual stack 



dual stack 


NAT-PT 



IPv6 to IPv4 GRE tunneling 


ISATAP tunneling 



ISATAP tunneling 


6to4 tunneling 



NAT-PT 


IPv6 to IPv4 GRE tunneling 


QUESTION 1196 

Drag and drop each step in the uRPF packet-forwarding process from the left into the connect 
order of operations on the right. 


Input ACLS are checked on the ingress 


stepl 

interface 




Output ACLs on the egress interface are checked 


step2 



The devices check the Cisco Express forwarding 


step3 

table to forward the packet 




The devices performs a lookup in the FIB table 


step4 

to verify the best return path 




The packet is forwarded out of the egress 


step5 

interface 
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Answer: 


The packet is forwarded out of the egress 
interface 


The devices check the Cisco Express forwarding 
table to forward the packet 



Output ACLs on the egress interface are checked 


Output ACLs on the egress interface are checked 



The devices check the Cisco Express forwarding 


The packet is forwarded out of the egress 

table to forward the packet 


interface 



The devices performs a lookup in the FIB table 


Input ACLS are checked on the ingress 

to verify the best return path 


interface 



Input ACLS are checked on the ingress 


The devices performs a lookup in the FIB table 

interface 


to verify the best return path 


QUESTION 1197 

Drag and drop each multicast protocol from the left onto matching description on the right. 


Bidirectional PIM 


Allows the receiver to request multicast traffic 
directly from the source instead of through the RP 



MBGP 


Delivers multicast traffic using a pull model with 
both shared and shortest-path trees 



MSDP 


Delivers multicast traffic using a push model 



PIM-dense mode 


Supports many-to-many multicast flows within 
a single domain 



PIM-sparse mode 


Supports non-congruent unicast and multicast 
topologies 



SSM 


Use anycast RPs to share information about 
active source between domains 


Answer: 
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Bidirectional PIM 


SSM 



MBGP 


PIM-sparse mode 



MSDP 


PIM-dense mode 



PIM-dense mode 


Bidirectional PIM 



PIM-sparse mode 


MBGP 



SS M 


MSDP 


QUESTION 1198 

Drag each OSPFv2 SA parameter on the left to its, corresponding description on the right. 


Authentication Algorithm 


An 8-bit unsigned value that controls which SA 
the receiver uses 




Authentication key 


The time at which the OSPF router will begin 
using the SA to encrypt packets 

KeylD 

The time at which the OSPF router will stop 
processing packets form the SA 




Key Start Accept 


A secret value used when encrypting packets 

Key Start Generate 

The time at which the OSPF router will stop 
using the SA to encrypt packets 




Key Stop Accept 


A value that controls the cryptographic mode 

Key Stop Generate 

The time at which the OSPF router will begin 
processing packets from the SA 


Answer: 
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Authentication Algorithm 


KeylD 



Authentication key 


Key Start Generate 



KeylD 


Key Stop Accept 



Key Start Accept 


Authentication key 



Key Start Generate 


Key Stop Generate 



Key Stop Accept 


Authentication Algorithm! 



Key Stop Generate 


Key Start Accept 


QUESTION 1199 

Drag and drop each IP traffic plane-packet type from the left noto its description on the right. 


control-plane packets 


packets that are generated by end users and 
forwarded to other end-station devices using 
destination IP address based forwarding 



data-plane packets 


packets that are generated by ... by the router 
CPU 



exception IP packets 


packets that are used to create and operate the 
network 



management-plane packets 


packets that have either a transit destination IP 
address or a receive destination IP address 



service-plane packets 


packets that may contain TTL expires or IP 
header options 


Answer: 
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contra I-plane packets 


data-plane packets 


exception IP packets 


management-plane packets 


service-plane packets 


data-plane packets 


management-plane packets 


contra I-plane packets 


service-plane packets 


exception IP packets 


QUESTION 1200 

Drag and drop each NAT64 description from the left onto the corresponding NAT64 type on the 
right 


conserves IPv4 addresses 


Stateless NAT64 



creates a unique binding for every translation 





performs 1:1 translation 






performs 1:N translation 





provides end-to-end address transparency 


Stateless NAT64 



requires IPv6 address assignments that can be 
translated to IPv4 





supports all modes of IPv6 address assignment 






wastes IPv4 addresses 




Answer: 
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conserves IPv4 addresses 


Stateless NAT64 

performs 1:1 translation 


creates a unique binding for every translation 


requires IPv6 address assignments that can be 
translated to IPv4 



performs 1:1 translation 


provides end-to-end address transparency 




performs 1:N translation 


wastes IPv4 addresses 



provides end-to-end address transparency 


Stateless NAT64 

conserves IPv4 addresses 


requires IPv6 address assignments that can be 
translated to IPv4 


creates a unique binding for every translation 



supports all modes of IPv6 address assignment 


performs 1:N translation 




wastes IPv4 addresses 


supports all modes of IPv6 address assignment 


QUESTION 1201 

Refer to the exhibit. The router sets local-preference to which option when it receives a BGP 
route with a community string 1000:130 from a neighbor in the LocalSite peer-group? 
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router bgp 
neighbor 
neighbor 
neighbor 
neighbor 
neighbor 
neighbor 


65500 

LocalSite 

LocalSite 

LocalSite 

LocalSite 

LocalSite 

LocalSite 


peer-group 

ebgp-multihop 2 

update - source LoopbackO 

next-hop-self 

route-map CheckCommunity in 
route-map CPodPeer out 


route-map CheckCouuuunity permit 8 
match community 8 
set local-preference 80 


route-map CheckCouuuunity permit 10 
match community 1 
set local-preference 110 

i 

route-map CheckCouuuunity permit 30 
{ 

ip community-list 1 permit 1000:100 
ip community-list 3 permit 1000:130 
ip community-list 8 permit 1000:80 


A. 110 

B. no setting 

C. the default value 

D. 80 

Answer: C 


QUESTION 1202 

Which two statements about 6to4 tunnels are true? (Choose two.) 

A. They encapsulate IPv6 packets, which allows the packets to travel over IPv4 infrastructure. 

B. They support point-to-multipoint traffic. 

C. They support OSPF and EIGRP traffic. 

D. They support point-to-point traffic. 

E. They allow IPv4 packets to travel over IPv6 infrastructure without modification. 

F. They generate an IPv6 prefix using a common IPv4 address. 

Answer: AD 


QUESTION 1203 

Which three statements about AToM are true? (Chooose three.) 

A. It supports interworking for Frame Relay, PPP, and Ethernet, but not ATM. 

B. The attachment circuit is configured with the xconnect command. 

C. It requires MPLS between PE routers. 

D. The PE routers must share the same VC identifier. 
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E. IP CEF should be disabled on the PE routers. 

F. It requires Layer 3 routing between the PE and CE router. 

Answer: BCD 


QUESTION 1204 

Which two statements about Cisco Express Forwarding are true? (Choose two) 

A. The FIB table and the adjacency table reside on the line cards when distributed Cisco Express 
Forwarding is enabled. 

B. Layer 2 next-hop address information is maintained in the adjacency table. 

C. The FIB table and the adjacency table reside on the line cards when Cisco Express Forwarding 
enabled. 

D. Layer 2 next-hop address information is maintained in the FIB table. 

E. The FIB table resides on the route processor and the adjacency table resides on the line cards 
when Cisco Express Forwarding is enabled. 

Answer: AB 
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